The European Commission has released a Draft Adequacy Finding as a step towards the finalization of a new EU-US Privacy Shield. The concept of an EU-US Privacy Shield was outlined in an arrangement published on February 2, 2016. The Shield is intended to replace the EU-US Safe Harbor Agreement, which was invalidated in an October 6, 2015 decision of the European Court of Justice.
The Draft Adequacy Finding will now be reviewed, commented upon, revised and finalize by a wide range of EU agencies and officials before being submitted to vote by the EU Parliament and the European Council. This finalization should not occur before several months.
The EU-US Privacy Shield is intended to create stronger obligations for US companies that process the personal data of residents of the European Economic Area than those that were outlined in the EU-US Safe Harbor, adopted in 2000. It is expected to require stronger monitoring and enforcement by the US Department of Commerce and the Federal Trade Commission, including through increased cooperation with the Member States Data Protection Authorities.
The EU-US Privacy Shield is expected to include written commitments and assurances by the United States that any access by public authorities to personal data transferred to the US under the new arrangement on national security grounds will be subject to clear conditions, limitations and oversight, in order to prevent generalized access. A newly created Ombudsperson mechanism will handle complaints and inquiries in this context.