EU and U.S. Reach Deal on Safe Harbor for Trans-Atlantic Data Transfers

Winthrop & Weinstine, P.A.
Contact
LinkedIn
Facebook
X
Send
Embed

On February 2, 2016, the European Commission announced that the U.S. and European Union have reached a deal on a new Safe Harbor to replace the old Safe Harbor program that was struck down by the European Court of Justice on October 6, 2015. Details about the new Safe Harbor program are still emerging, but will include the following elements:

Strong obligations on companies handling Europeans' personal data and robust enforcement
U.S. companies wishing to import personal data from Europe will need to commit to robust obligations on how personal data is processed and individual rights are guaranteed. The Department of Commerce will monitor that companies publish their commitments, which makes them enforceable under U.S. law by the U.S. Federal Trade Commission. In addition, any company handling human resources data from Europe must commit to compliance with decisions by European Data Protection Authorities (DPAs).

Clear safeguards and transparency obligations on U.S. government access
For the first time, the U.S. has given the EU written assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms. These exceptions must be used only to the extent necessary and proportionate. The U.S. has ruled out indiscriminate mass surveillance on the personal data transferred to the U.S. under the new arrangement. To regularly monitor the functioning of the arrangement there will be an annual joint review, which will also include the issue of national security access. The European Commission and the U.S. Department of Commerce will conduct the review, and invite national intelligence experts from the U.S. and European DPAs to attend.

Effective protection of EU citizens' rights with several redress possibilities
Any citizen who considers their data to have been misused under the new arrangement will have several redress possibilities. Companies have deadlines to reply to complaints. European DPAs can refer complaints to the Department of Commerce and the Federal Trade Commission. In addition, alternative dispute resolution will be available free of charge. For complaints on possible access by national intelligence authorities, a new Ombudsperson will be created.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Winthrop & Weinstine, P.A. | Attorney Advertising

Written by:

Winthrop & Weinstine, P.A.
Winthrop & Weinstine, P.A.
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Winthrop & Weinstine, P.A. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide