Skip to main content

After Safe Harbor: EU-US Privacy Shield

Go Back

The EU-U.S. Privacy Shield

The EU-U.S. Privacy Shield was announced by the European Commission and U.S. Department of Commerce as a replacement for the Safe Harbor Framework. The agreement contains three key features:

  • Strong Obligations for Companies’ Handling of EU Citizens’ Data
  • Clear Safeguards and Transparency Obligations for U.S. Government Agency Access
  • New Redress and Complaint Resolution Mechanisms for EU Citizens

Without an agreement, thousands of companies of all types and sizes – in both Europe and the United States – will face widespread uncertainty and serious impacts to their operations and their ability to conduct business across the Atlantic.

Internet Data Travelling Between the EU and United States is Essential

Everyday millions of people go online to work, exchange ideas, explore, learn, engage in commerce, or connect with friends and family. Complex networks with data streaming around the globe make going online seem routine, and our modern society and economy have become dependent on the free flow of data.

A situation where a significant portion of the Internet is effectively shuttered is frankly unimaginable. But without the EU-U.S. Privacy Shield to improve data privacy protections and ensure online data transfers between Europe and the United States, this contingency may very well come to pass.

What was Safe Harbor?

The Safe Harbor Framework, which was negotiated between the EU and United States in 2009, was the primary – and often sole – mechanism under which more than 4,400 companies of all sizes, and across all industries, legally transferred data from Europe to the United States for the past 15 years. During that time, the transatlantic trade relationship thrived, creating new jobs and new prosperity in both Europe and the United States.

On October 6, 2015, the Court of Justice of the European Union (CJEU) effectively invalidated the Safe Harbor Framework on the basis that the European Commission had not appropriately evaluated whether the United States maintains “essentially equivalent” protections of EU citizen data.

What Did Tech Companies Seek?

ITI encouraged the European Commission and the U.S. Department of Commerce to negotiate a new agreement to replace the Safe Harbor Framework by the January 31, 2016, deadline set out by EU Member State data protection authorities following the CJEU’s ruling.

In particular, ITI and other leading business groups asked leaders on both sides of the Atlantic to support the negotiation of a legally durable framework that reflected shared principles on privacy and security, and provided a reasonable transition period for companies to come into compliance with a revised framework.

We welcome the EU-U.S. Privacy Shield agreement and believe it will provide a basis for companies to reliably move data across the Atlantic, while upholding citizens’ fundamental rights to privacy and data protection.

Learn More: