Press Release, EU Commission and United States agree on new framework for transatlantic data flows: EU-US Privacy Shield (Strasbourg, February 2, 2016)
The European Commission and the United States have agreed on a new Privacy Shield to govern the usage and protection of data of European citizens when their data passes into the United States. The agreement, announced on February 2, 2016, creates a new set of data protection obligations for US companies when managing data of European citizens. US and EU authorities will also be able to better monitor and enforce the new regime.
Negotiations were prompted by the invalidation of the older “safe harbor” scheme adopted by the European Commission in 2000. Under those provisions, data from European countries could be shared with US companies if certain outlined privacy principles were complied with. However, after an Austrian citizen complained that his Facebook data was inadequately protected due to US government surveillance revealed by Edward Snowden, the European Court of Justice overturned the safe harbor principles. In the 2015 Schrems decision, the court stated that because US law permitted national security and law enforcement usage of the data to trump the safe harbor data protections, the scheme “enables interference . . . with the fundamental rights of [European] persons.” Maximillian Schrems v Data Protection Commissioner, 2015 E.C.R. C-362/14.