EU and U.S. Reach Deal on Safe Harbor for Trans-Atlantic Data Transfers
On February 2, 2016, the
European Commission announced that the U.S. and European Union have reached a
deal on a new Safe Harbor to replace the old Safe Harbor program that was
struck down by the European Court of Justice on October 6, 2015. Details about
the new Safe Harbor program are still emerging, but will include the following elements:
Strong obligations on companies handling Europeans' personal
data and robust enforcement
U.S. companies wishing to import personal data
from Europe will need to commit to robust obligations on how personal data is
processed and individual rights are guaranteed. The Department of Commerce will
monitor that companies publish their commitments, which makes them enforceable
under U.S. law by the U.S. Federal Trade Commission. In addition, any company
handling human resources data from Europe must commit to compliance with
decisions by European Data Protection Authorities (DPAs).
Clear safeguards and transparency obligations on U.S. government
For the first time, the U.S.
has given the EU written assurances that the access of public authorities for
law enforcement and national security will be subject to clear limitations, safeguards
and oversight mechanisms. These exceptions must be used only to the extent
necessary and proportionate. The U.S. has ruled out indiscriminate mass
surveillance on the personal data transferred to the U.S. under the new
arrangement. To regularly monitor the functioning of the arrangement there will
be an annual joint review, which will also include the issue of national
security access. The European Commission and the U.S. Department of Commerce
will conduct the review, and invite national intelligence experts from the U.S.
and European DPAs to attend.
Effective protection of EU citizens' rights with several redress
Any citizen who considers their data to have
been misused under the new arrangement will have several redress possibilities.
Companies have deadlines to reply to complaints. European DPAs can refer
complaints to the Department of Commerce and the Federal Trade Commission. In
addition, alternative dispute resolution will be available free of charge. For
complaints on possible access by national intelligence authorities, a new
Ombudsperson will be created.
This client alert is a periodic publication of
Winthrop & Weinstine, P.A., and should not be construed as legal advice or
legal opinion on any specific facts or circumstances. The contents are intended
for general information purposes only, and you are urged to consult your legal
counsel concerning your situation and any specific legal questions you may
have. This may be considered Advertising Material.