Transferring Personally Identifiable Information (“PII”) data between the EU and the US is about to get easier. As expected, the “Privacy Shield” was deemed adequate by the Article 31 committee on July 12, despite concerns of the Article 29 working party. This agreement technically goes into effect on August 1, but mark your calendars for July 25 when the Article 29 working party is expected meet to discuss the agreement and whether it has adequate safeguards for EU citizen data.
Recall that in October of 2015, the European Court of Justice struck down the Safe Harbor provisions because they did not adequately safeguard EU citizen Personally Identifiable Information from US government intrusion in light of Edward Snowden’s revelations in 2013. The Safe Harbor was a program that allowed organizations in the US to self certify that they adhered to adequate protections for EU citizen data. The Privacy Shield is a similarly self-certifying program, but it has more penalties and is believed to have better safeguards.
For a more comprehensive look at the Privacy Shield itself, please see my last blog post on this subject.