On February 2, 2016, the United States and European Union Commission announced the EU-US Privacy Shield Agreement. The Agreement will govern regulation of data flows between the United States and the European Union (EU) and, as one of the EU Commissioners stated, the agreement addresses concerns by EU members regarding use of European citizens’ data and personal information by U.S. companies and the U.S. government.
The full text of the Agreement will not be released for a number of weeks, but the dual announcements highlight the Agreement's major points:
- The Agreement will impose strong requirements on U.S. companies with respect to the collection and use of personal data.
- The limitations and oversight requirements will also be imposed on collection and use of Europeans' personal information and data by the United States government.
- Aggrieved Europeans will have a number of affordable and accessible dispute resolution options.
While awaiting the specifics of the Agreement, a consensus has emerged that companies might still be able to rely on the EU Model Clauses and Binding Corporate Rules for data transfers, but whether those protocols survive after the terms of the Agreement are released remains to be seen. Companies relying on the U.S. Safe Harbor provisions may face enforcement action since that scheme was invalidated by the Court of Justice of the European Union in the Schrems decision late last year.
Look for additional updates and analysis on this important development when the full text of the Agreement becomes available.