EU Commission and United States Agree on New “Privacy Shield” for Trans-Atlantic Data Flow

U.S. and European Commission officials announced on Tuesday that they have reached an agreement in principle on a new EU-U.S. Privacy Shield to permit the flow of data between Europe and the United States.  The new deal follows on the heels of reports Monday evening that U.S. and European officials were continuing to negotiate a replacement for the now-defunct Safe Harbor Framework, after officials failed to reach an agreement by the January 31st deadline.

The European Commission (EC) has indicated that the new Privacy Shield Agreement will include strong obligations on companies handling Europeans' personal data and robust enforcement, including active monitoring and enforcement by the U.S. Department of Commerce and Federal Trade Commission in cooperation with European Data Protection Authorities.  In brokering the agreement, the United States agreed to new safeguards and transparency obligations on U.S. government access of personal data, and the EC has also obtained assurances from the United States government that “it does not conduct mass or indiscriminate surveillance of Europeans.”  Additionally, the Privacy Shield will accord EU citizens potential redress in the event of a violation of the Privacy Shield, including the ability to bring complaints to a dedicated Ombudsperson.

In comments posted Tuesday, the Federal Trade Commission announced: “We are pleased that U.S. and European Commission officials have reached an agreement in principle which, once finalized, will allow for the continuation of an important mechanism for transatlantic data transfers. Under the new agreement, the EU-U.S. Privacy Shield, the Federal Trade Commission will continue to prioritize enforcement of the framework as part of our broader commitment to protect consumers' personal information and privacy. We will continue to work closely with our European partners to ensure consumer privacy is protected on both sides of the Atlantic.”