The EU Member States have given their support to the EU-U.S. Privacy Shield, a renewed framework for transatlantic data flows which is meant to replace the old “Safe Harbor”. The decision of the Member States was mandatory in order to formally adopt the Privacy Shield in the EU.
In opposite to Safe Harbor, the Privacy Shield imposes clear and strong obligations on companies handling the date and makes sure that these rules are followed and enforced in practice. It is the first time that the United States has committed to written assurance that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms and has ruled out indiscriminate mass surveillance of European citizen’s personal data.
Not long after the “Safe Harbor” decision and in the same context (data transfer to the US by Facebook) the Irish Data Protection Commissioner has decided to bring the EU-US data flows before the European Court of Justice (CJEU) (again).
On 6th and 7th April 2016, the German Data Protection Authorities (“DPAs”) met to discuss several current privacy topics.
One point on the agenda has of course been the assessment of the proposed EU-US Privacy Shield (the successor of the Safe Harbor regime). Currently, the European Data Protection Authorities (the so called “Article 29 Working Party”) are finalizing their common position on the proposed adequacy decision by the European Commission (pdf).
Today, the resolution of the DPAs for the mandate of the German representatives in the Article 29 Working Party has been published (German, pdf).