Since the Court of Justice of the European Union declared on October 6, 2015 that the "Safe Harbor" was invalid, a new framework for transatlantic data flows has been expected in order to facilitate the transfer of personal data to the United States.
After several months of negotiation between the European Commission and the U.S. Department of Commerce, the draft of the new framework called "Privacy Shield", which aims to provide adequate guarantees to European citizens regarding their personal data, was presented in details on February 29, 2016.
Therefore, the "Privacy Shield" will require "strong obligations" and a "robust" implementation which will "be legally binding and enforceable under U.S. law" to companies. Moreover, the U.S. Department of Commerce will provide a "regular and rigorous" monitoring of the companies commitments. As such, companies will notably have the obligations to answer within 45 days to the European citizens' complaints and will have to include a link in their website leading to the complaint submission form.
In addition, the "Privacy Shield" will have to provide accessible and affordable independent recourse mechanisms including cost-free alternative dispute resolution bodies to European citizens. Furthermore, European citizens will also be able to bring complaints before their home Data Privacy Authority which will work closely with the U.S. Department of Commerce and the Federal Trade Commission in order to solve the disputes.
Finally, cooperation between the European Commission and U.S. Institutions will be strengthened and will lead to an annual joint review mechanism which aims to monitor the functioning of the "Privacy Shield".
Besides, the U.S. Government has provided guarantees regarding the massive collection of personal data for the purpose of national security that will be subject "to clear limitations, safeguards and oversight mechanisms". As such, an ombudsperson independent from the national security authorities will be appointed.
U.S. companies wishing to use this mechanism shall be waiting until the final decision of the College of Commissioners. This decision should be released after the G29 advice scheduled for the plenary session on April 12 and 13, 2016. During this transitional period, it is recommended to use either standard contractual clauses adopted by the European Commission, or the Binding Corporation Rules. In addition, companies are encouraged to now prepare the implementation of the conditions resulting from the "Privacy Shield" in order to be able to use the mechanism as soon as the final decision will be released.
