As defined by the European Commission, the EU-US Privacy Shield is a new framework that protects the rights of Europeans when data is transferred to the United States, with the end goal of ensuring legal certainty for businesses.
It is the successor to the older Safe Harbour framework, which is now out of date.
The framework will:
- Prevent generalised access to data held on Europeans by US companies.
- Benefit Europeans with the ability to raise enquiries or complaints in this regard.
- Make the USA legally required to monitor and enforce the Privacy Shield, in an effort to create greater transparency and increased protection of data.
- Result in sanctions for commercial businesses in America who are non-conformant.
When might the EU-US Privacy Shield be used?
- American authorities will need to cooperate and comply with European Data Protection Authorities when they need to access data held on European data subjects.
- Once a year, American companies will need to self-certify that they meet the requirements and display a privacy policy on their website.
- When a European individual wishes to complain to an American company.