The agreement, called the EU-US Privacy Shield, replaces the 15-year old Safe Harbor framework, which the European Court of Justice (ECJ) struck down late last year for failing to protect European Union citizens from mass surveillance by US intelligence agencies.
Details of the EU-US Privacy Shield have not yet been published, but the EC has offered the following highlights:
- Safeguards against U.S. government access: This item was at the root of the Safe Harbor invalidation and was considered the central negotiating themes for an updated US-EU agreement to go forward. The EC announced that the US has provided adequate guarantees against unfettered intelligence agency access, and will create an Ombudsman role within the US State Department to ensure oversight and transparency.
- Obligations and Enforcement: The EU-US Privacy Shield imposes greater obligations on companies to protect EU data and stronger US government measures to enforce them.
- EU citizens' rights and redress: The new framework provides several avenues for EU citizens to complain about potential data misuse and places deadlines on companies to respond them.
Cross-border transfer may continue as it has since October, when the Safe Harbor agreement was ruled invalid.