The EU Member States have given their support to the EU-U.S. Privacy Shield, a renewed framework for transatlantic data flows which is meant to replace the old “Safe Harbor”. The decision of the Member States was mandatory in order to formally adopt the Privacy Shield in the EU.
In opposite to Safe Harbor, the Privacy Shield imposes clear and strong obligations on companies handling the date and makes sure that these rules are followed and enforced in practice. It is the first time that the United States has committed to written assurance that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms and has ruled out indiscriminate mass surveillance of European citizen’s personal data.
In October 2015, the European Court of Justice (“ECJ”) decided that Safe Harbor was not compliant with European fundamental freedoms and data protection laws and that therefore on that basis, personal data of EU citizens could no longer be transferred to the United States. (cp. here).
In February 2016, the European Commission announced that the government of the United States has agreed to a new regulation called the EU-U.S. Privacy Shield. After some discussions, this Privacy Shield will now become reality.