Privacy Shield EU-US
In February 2016 the European Commission published the Communication from the Commission to the European Parliament and the Council “Transatlantic Data Flows: Restoring Trust through Strong Safeguards”, a proposal for a decision on the adequacy and the annexes that constitute the new legal framework for the transatlantic personal data flow for commercial purposes: the Privacy Shield EU-US which shall replace the Safe Harbor Principles which were invalidated by the Court of Justice of the European Union on the 6th of October 2015 in the Schrems case.
The documents published by the European Commission were subject to the evaluation of the data protection authorities under the Article 29 Working Group and had as a result an opinion. Thus, it was analysed, on one hand, the commercial activity of Privacy Shield and, on the other hand, the guarantees imposed with regard to the exemptions from the principles of Privacy Shield for purposes of national security and public interest.
In August 2016, the Commission Implementing Decision (EU) 2016/1250 of the European Commission of the 12th of July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield was published in the Official Journal of the European Union.
According to this decision, the U.S. guarantees an adequate level of protection for personal data transferred from the European Union to organisations established in the U.S. based on the E.U.-U.S. Privacy Shield provided that those entities process personal data according to a strong set of privacy and data protection principles and safeguards that are equivalent to those in the European Union.
The text of the European Commission Decision can be consulted here.
In the same time, in order to help the individuals, in August 2016, the Citizen's Guide to the EU-US Privacy Shield was published on the web page of the European Commission.
The Citizen’s guide offers general information with regard to the EU-US Privacy Shield and also presents, briefly, the obligations of the companies which are part of the EU-US Privacy Shield, as well as the rights of the data subjects with reference to the processing of personal data: the right to be informed, the right to access and correct your data as well as the right to lodge a complaint.
Thus, the Citizen’s guide offers information concerning the way in which the data subject can lodge a complaint against a US company which process personal data based on the EU-US Privacy Shield to the following entities: the US company, the alternative dispute resolution body, the national data protection authority, US Department of Commerce, US Federal Trade Commission, Privacy Shield Panel.
The text of the Guide can be consulted here.