"Leap Forward on EU-US Data Transfers?"
On the heels of President Obama signing the Judicial Redress Act into law last Wednesday, January 24, 2016, the EU Commission released text of the EU-US Privacy Shield Framework, which contains the principles that U.S. companies will need to abide by in order to maintain a finding of “adequacy” under the EU data protection laws. The release from the EU Commission also makes public the statements made to the EU Commission by the United States government with respect to the enforcement of the framework by the United States. Those written commitments are due to be published in the Federal Register within 30-days of final approval of the adequacy determination.
The Federal Trade Commission has also issued a press release supporting the Privacy Shield Framework and emphasizing the FTC’s enforcement of data privacy and security for consumers in both the United States and Europe, all with the hope and aim of strengthening trust in United States data privacy and security protections following the Snowden revelations.
The publications released by the EU Commission provide additional insight into the Privacy Shield Framework and should provide guidance to companies that have been struggling with data transfers between the two jurisdictions following the Schrems decision last year. Notably, the draft adequacy determination contains a considerable amount of text related to oversight of government access to data, building off the Judicial Redress Act just signed into law. The publications released include a fact sheet that provides an overview of the Framework, as well as the draft adequacy determination and other materials.