At last, Privacy Shield is official
U.S. Secretary of Commerce Penny Pritzker and Věra Jourová, commissioner for Justice, Consumers and Gender Equality, announced Privacy Shield's approval in Brussels.
With a flourish of the pen, or more precisely a matter-of-fact briefing in Brussels Tuesday, the European Commission approved the EU-U.S. Privacy Shield pact that will provide the framework for the protection of data as it flows across the Atlantic from Europe to the U.S.
"We have approved the new EU-U.S. Privacy Shield today. It will protect the personal data of our people and provide clarity for businesses,” Andrus Ansip, Commission Vice-President for the Digital Single Market, said in a statement, giving the nod to the hard work put in by EU and U.S. negotiators and advisors to turn the pact around quickly after a European Court of Justice struck down its predecessor, Safe Harbor, last fall. “Data flows between our two continents are essential to our society and economy – we now have a robust framework ensuring these transfers take place in the best and safest conditions".
Věra Jourová, commissioner for Justice, Consumers and Gender Equality, hailed the Privacy Shield for its safeguards and for ensuring “legal certainty” for companies.
“It brings stronger data protection standards that are better enforced, safeguards on government access, and easier redress for individuals in case of complaints,” she said. “The new framework will restore the trust of consumers when their data is transferred across the Atlantic.”
The agreement, which had been criticized earlier this year, particularly by the Article 29 Working Group (WG29), and then reworked to strengthen privacy protections of EU citizens, offers “strong obligations on companies handling data,” as well as “clear safeguards and transparency obligations on U.S. government access [a particularly sticking point among critics],” the release said, noting it provides “effective protection of individual rights” and a mechanism for annual joint review.
The pact received a thumbs up from the 28 members of the EU Friday.
Once the framework is entered into the Federal Register, the U.S. Department of Commerce will begin to operate Privacy Shield and companies can began to certify for the framework beginning Aug. 1. “In parallel, “ the release said, the EC "will publish a short guide for citizens explaining the available remedies in case an individual considers that his personal data has been used without taking into account the data protection rules.”
Commerce Department Secretary Penny Pritzer, who called the agreement "a milestone for privacy at a time when the sharing of data is driving growth in every sector, from advanced manufacturing to advertising," said she was "confident the Framework will withstand further scrutiny."
But privacy pros expect Privacy Shield to face judicial challenge. "I don't think it's the end of the story," Joseph G. Falcone, partner at the law firm of Herbert Smith Freehills New York LLP, told SCMagazine.com.