European Commission Finds Privacy Shield Adequate to Protect EU Data
NEWS ANALYSIS: The EU's finding is a critical first step in allowing data sharing between Europe and the U.S., but a number of review steps remain, and everything depends on U.S. actions.The European Commission issued a draft adequacy decision to EU members as a first step to ensuring that transatlantic data flows continue unabated. The move follows an EU court ruling that determined the U.S. was not adequately protecting the privacy of EU citizens' personal data. The court case stemmed in part from classified documents leaked by former National Security Agency contractor Edward Snowden.
"The Commission has carefully analyzed U.S. law and practice," the EC said in its draft, concluding that “the United States ensures an adequate level of protection for personal data transferred under the EU-U.S. Privacy Shield from the Union to self-certified organizations in the United States."The EC findings specifically note that the Privacy Shield is based on self-certification by U.S. companies that commit to abiding by EU privacy requirements when they're handling private information of European citizens. U.S. organizations have to commit to a series of privacy principles, which include notice, security, data integrity and accountability. Along with the draft adequacy decision, the European Justice Minister also released the full details of the Privacy Shield negotiated earlier this year between the U.S. government and the European Commission.