EU/US Data Transfer Agreement Named “Privacy Shield” to Replace “Safe Harbor Agreement”

By John Atienza on March 1, 2016

Posted February 29, 2016



A new deal between the United States and the EU is currently under review. The agreement consists of policies to protect, and enforce the protection of, EU customer data that gets transferred to US entities. The original bill, called the “Safe Harbor Agreement”, was thrown out by the Court of Justice of the European Union last October. The original agreement was lacking in various aspects, particularly in how the bill would be enforced, how investigations into data abuse would occur, and what surveillance by the United States would be allowed.

An ombudsperson who is unrelated to any federal agency will provide oversight on this agreement. All investigations into data abuse are stated to complete in 45 days. All US organizations that do business with the EU must re-certify for compliance on an annual basis. There are certain instances where US intelligence is allowed to collect information from these data streams (e.g., cybersecurity, transnational criminal threats, and counter-terrorism), as provided by section PPD28 of the Privacy Shield agreement.

There are those who oppose the bill, as a portion of it does allow for bulk intelligence collection. Supporters disagree and point out that enforcement of privacy is written into the agreement. Also noteworthy: the Data Protection Authority (DPA) from Hamburg, Germany, has plans to fine three US companies for mishandling EU citizens’ data under the former Safe Harbor agreement.