Following months of negotiations and uncertainty, the so-called Privacy Shield that regulates the flow of data between European countries and the United States will finally take effect. As of August 1, businesses will have a simple, legal means by which to export the personal information of European Union citizens to the U.S.
Approved today by the European Commission, the Privacy Shield guarantees an adequate level of protection for personal data transferred from the EU to self-certified organizations in the U.S. The agreement, which replaces the defunct Safe Harbor agreement, was announced in Brussels by European Commissioner for Justice Vera Jourova.
The commission notified the governments of the EU’s 28 member states of its approval today, putting the Privacy Shield officially into effect. Companies can register their compliance with Privacy Shield beginning August 1.
The European Commission deemed the Safe Harbor agreement adequate in 2000, but the Court of Justice of the European Union overturned that agreement last fall. The commission said that such an agreement could only work if it provided a level of privacy protection that was essentially equivalent to that of the 1995 Data Protection Directive, which regulates the processing of personal data within the European Union.
“Legislation permitting the public authorities to have access on a generalized basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life,” according to the EU court.
Early drafts of the Privacy Shield were criticized because many people, including the commission?EU?s own advisors, felt its provisions on mass surveillance were too vague. That led to concerns that the new agreement would be overturned in court, but subsequent revisions suggested by the EU court satisfied the parties involved.
The Privacy Shield differs from Safe Harbor in that it offers an annual…