UK firms to adopt EU-US Privacy Shield

EC Privacy Shield Brussels

UK firms will now have to adopt the EU-US Privacy Shield, a new framework that will set out to govern data transfers between the European Union (EU) and the United States.

The Privacy Shield, adopted today, will seek to protect the fundamental rights of individuals in the EU whose personal data is transferred to the United States and in turn, bring much needed clarity for businesses relying on these kind of transatlantic data transfers.

Impact on the UK

A spokesperson for the EC told Tech City News that the new framework would apply to the UK for as long as the country would remain part of the EU.

“The UK is part of the EU as long as the UK government doesn’t trigger Article 50 [of the Lisbon Treaty]. So, yes, this applies to the UK,” confirmed the spokesperson.

Vinod Bange, head of the UK Data Protection/Privacy practice at Taylor Wessing, commented on this news noting that further changes could be expected:

“While this is a great step forward following the shock demise of Safe Harbor, it is not necessarily the end of the story on EU-US data transfers. Max Schrems, who brought the original challenge to Safe Harbor, has begun court action to get a similar process of review underway with regard to the use of model clauses and Binding Corporate Rules (BCRs).”

“It is also possible that the Privacy Shield itself will be subject to legal challenge (see comments made by Schrems today), either in the near future or further down the line if it is seen as insufficiently robust. Having said that, Commissioner Jourová and the US Secretary of Commerce said that the Privacy Shield had been designed to take into account the CJEU ruling in the Safe Harbor case which gave them confidence that it would not be open to further legal challenges, ” added Bange.

What’s next

With today’s announcement, the EC puts an end to nine months of uncertainty following the replacement of the Safe Harbor agreement last autumn.

Andrus Ansip, commission vice-president for the Digital Single Market, said in a statement: “We have approved the new EU-U.S. Privacy Shield today. It will protect the personal data of our people and provide clarity for businesses.

“We have worked hard with all our partners in Europe and in the US to get this deal right and to have it done as soon as possible. Data flows between our two continents are essential to our society and economy – we now have a robust framework ensuring these transfers take place in the best and safest conditions, he continued.

According to a statement, the decision will be notified to all Member States today, and thereby enter into force with immediate effect.

The Commission is expected to publish a short explanatory guide for citizens with the available remedies in case an individual considers that his personal data has been used without taking into account the data protection rules.