Commission replaces Safe Harbour with rebranded ‘privacy shield’

The European Commission signed off on a new data transfer agreement with the US today (2 February) to replace the old Safe Harbour agreement.

EU Justice Commissioner Vera Jourova and Vice President Andrus Ansip

EU Justice Commissioner Vera Jourova and Vice President Andrus Ansip [European Commission]

Catherine Stupp Euractiv 03-02-2016 05:08 4 min. read Content type: Euractiv is part of the Trust Project

Donec et orci aliquet nisl suscipit molestie sed sit amet tortor. Duis vel urna ac mi sollicitudin lacinia mollis sit amet lorem. Sed finibus erat nec libero scelerisque fringilla. Morbi at orci sed urna vulputate vulputate. Nulla facilisi. Donec et orci aliquet nisl suscipit molestie sed sit amet tortor.

Want to keep reading?

Get a subscription on Euractiv Pro and elevate your political insight!

Discover Euractiv Pro
For corporations

Christian Borggreen, international policy director of the Computer & Communications Industry Association (CCIA): "We welcome the agreement, which will provide strong privacy safeguards for consumers and legal certainty for the thousands of companies that depend on transatlantic data flows.  We commend the European Commission and U.S. negotiators for agreeing on a strengthened framework, which we will now examine in further detail. We call on European Data Protection Authorities to endorse this new and strengthened framework and give time for Safe Harbour companies to transition. We also urge that existing commercial data transfer mechanisms remain viable."

German MEP Jan Philipp Albrecht (Green): "This new framework amounts to little more than a reheated serving of the pre-existing Safe Harbour decision. The EU Commission's proposal is an affront to the European Court of Justice, which deemed Safe Harbour illegal, as well as to citizens across Europe, whose rights are undermined by the decision. The proposal foresees no legally binding improvements. Instead, it merely relies on a declaration by the US authorities on their interpretation of the legal situation regarding surveillance by US secret services, as well as the creation of an independent but powerless Ombusman, who would assess citizens' complaints. [...] If this framework is adopted unchanged, it can be expected that member states' data protection authorities will exercise the new powers granted to them via the European Court ruling to subject any data transfers to additional security measures."

John Higgins, director general of trade association DigitalEurope: “We hope a new Decision will be presented shortly and that it will re-establish a sustainable path for data transfers between the EU and US while safeguarding data privacy and bringing legal clarity to businesses. We ask Europe’s DPAs to view this signal from the European Commission as a sign of good faith and to hold off with any potential enforcement action until the new agreement has been fully implemented. While they are assessing the replacement for Safe Harbour, we urge Europe’s DPAs to continue to honour the use of other transfer mechanisms, such as binding corporate rules (BCRs) and model contract clauses (MCCs), so that data transfers to the US can continue unimpeded.”

Dean Garfield, president and CEO of lobby association Information Technology Industry Council (ITI): "Once fully enacted, this agreement will provide a basis for companies to reliably move data across the Atlantic, while upholding citizens' fundamental rights to privacy and data protection."

Susan Danger, managing director of the American Chamber of Commerce's EU office: "This new framework gives business the necessary confidence to continue to invest in the transatlantic marketplace. It is a step in the right direction towards rebuilding trust and confidence for citizens and business alike."

The US-EU Safe Harbour agreement allowed over 4,000 companies to transfer data from the EU to the US - provided the companies guaranteed the data's security abroad. EU law considers data privacy protections to be inadequate in the US. In October 2015, the European Court of Justice (ECJ) ruled Safe Harbour to be invalid on grounds that government surveillance in the US threatens the privacy of EU citizens' data, and that there is no judicial redress for EU citizens whose data is accessed by state surveillance agencies in the US.

Since the ECJ decision, EU and US negotiators have sped up their talks to strike a new data transfer agreement. European data protection authorities from the 28 EU member states met after the ECJ decision, and asked the Commission to come up with a new deal by the end of January 2016. The data protection authorities are tasked with investigating and deciding on privacy complaints in their own member states.

Subscribe to our newsletters

Subscribe