On 12 July 2016, the European Commission announced that it had adopted the EU-US Privacy Shield, a new framework to “protect the fundamental rights of anyone in the European Union whose personal data is transferred to the United States” and to bring “legal clarity for businesses relying on transatlantic data transfers”.
The adoption of this framework is the result of nine months of intense negotiations between the EU and the US; as reported by IFRRO, following the invalidation of the Safe Harbour decision by the Court of Justice of the EU last year – the Safe Harbour being the previous framework for EU-US data flows – the European and US authorities had worked together and reached an agreement on a new framework in February this year with the support of a number of EU Member States. The first draft agreement was then amended to meet the concerns expressed by European data protection authorities and the European Data Protection Supervisor.
The European Commission has notified the Member States of its decision to adopt the Privacy Shield, meaning that it has now entered into force. On the US side, the framework will be published in the Federal Register and the US Department of Commerce will also start operating the Privacy Shield.