The new framework dedicated to the EU / US flow of personal data is in fact a combination of several documents issued by the US and the EU.
On the US side, we have a letter sent by the U.S. Secretary of Commerce Penny Pritzker on 23 February 2016 to EU Commissioner Věra Jourová including the “package of EU-US Privacy Shield materials” (of 128 pages) which is made of 6 letters issued by various US officials (see details at the end of this article).
On the EU side, we have several documents issued by the EU Commission, namely:
- the draft adequacy decision;
- Frequently Asked Questions and
- a communication from the EU commission to the EU Parliament and the Council entitled “Transatlantic Data Flows: Restoring Trust through Strong Safeguards”.
The Article 29 Working Party stated yesterday in a press release that it will provide its opinion on the level of protection afforded by the EU-U.S. Privacy Shield on 13 April 2016.
What is certain is that the obligations on data importers will be substantially increased under the new scheme compared to what they were under the invalidated Safe Harbor. We will describe these new requirements shortly on this blog.
The letters composing the package of EU-US Privacy Shield materials are:
- a letter from the International Trade administration of the Department of Commerce (to EU Commissioner Věra Jourová dated 23 February 2016), describing the Department of commerce’s commitments to ensure the effectiveness of the Privacy Shield together with its annexes focusing on (i) the EU-U.S. Privacy Shield Principles and (ii) an arbitral model available under the Privacy Shield;
- a Letter from U.S. Secretary of State John Kerry (to EU Commissioner Věra Jourová dated 22 February 2016) accompanied by a memorandum describing the Privacy Shield Ombudsman mechanism through which authorities in the EU will be able to submit requests on behalf of EU individuals regarding U.S. signals intelligence practices;
- a letter from the Federal Trade Commission (to EU Commissioner Věra Jourová dated 23 February 2016) describing its enforcement of the Privacy Shield framework;
- a letter from the Department of Transportation (to EU Commissioner Věra Jourová dated 19 February 2016) describing its role in enforcing the of the Privacy Shield framework;
- a letter from the office of the Director of National Intelligence Kerry (to the U.S. department of commerce dated 22 February 2016) regarding safeguard and limitations applicable to U.S. national security authorities; and
- a letter from the Department of Justice (to the U.S. department of commerce dated 19 February 2016) providing a brief overview of the primary investigative tools to obtain commercial data and other information from corporations in the United States for criminal law enforcement or public interest.