Skip to content
Law Society of Scotland
Search
Find a Solicitor
Contact us
About us
Sign in
Search
Find a Solicitor
Contact us
About us
Sign in
  • For members

    • For members

    • CPD & Training

    • Membership and fees

    • Rules and guidance

    • Regulation and compliance

    • Journal

    • Business support

    • Career growth

    • Member benefits

    • Professional support

    • Lawscot Wellbeing

    • Lawscot Sustainability

  • News and events

    • News and events

    • Law Society news

    • Blogs & opinions

    • CPD & Training

    • Events

  • Qualifying and education

    • Qualifying and education

    • Qualifying as a Scottish solicitor

    • Career support and advice

    • Our work with schools

    • Lawscot Foundation

    • Funding your education

    • Social mobility

  • Research and policy

    • Research and policy

    • Research

    • Influencing the law and policy

    • Equality and diversity

    • Our international work

    • Legal Services Review

    • Meet the Policy team

  • For the public

    • For the public

    • What solicitors can do for you

    • Making a complaint

    • Client protection

    • Find a Solicitor

    • Frequently asked questions

    • Your Scottish solicitor

  • About us

    • About us

    • Contact us

    • Who we are

    • Our strategy, reports and plans

    • Help and advice

    • Our standards

    • Work with us

    • Our logo and branding

    • Equality and diversity

  1. Home
  2. For members
  3. Journal Archive
  4. Issues
  5. April 2016
  6. Privacy Shield, the new Safe Harbor

Privacy Shield, the new Safe Harbor

Brussels office briefing: the legal texts have been released that will put in place the new framework for transatlantic data flows, following the decision in the “Safe Harbor” case
18th April 2016

On 29 February 2016, the Commission released the legal texts, including the draft adequacy decision, that will put into practice the new EU-US framework for transatlantic data flows, called the Privacy Shield. The publication follows the conclusion of the EU-US negotiations on the agreement which was announced by Commissioners Ansip and Jourova on 2 February 2016.

The Privacy Shield is designed to provide legal certainty for business and to protect the fundamental rights of EU citizens. In particular it will impose:

  • stronger obligations on US companies to protect EU citizens data;
  • stronger obligations for the monitoring and enforcement by the US Department of Commerce and Federal Trade Commission (FTC), as well as cooperation with the European data protection authorities (DPAs);
  • clear conditions, limitations and oversight concerning the access to the transferred personal data by US public authorities for national security purposes (the US Office of the Director of National Intelligence has provided written guarantees to that effect);
  • several possibilities for redress for EU citizens including:
  • a complaint system to the European DPAs, which can refer the matter to the US FTC;
  • a dedicated ombudsperson in the field of national security, within the US Department of State, independent from national intelligence services;
  • an obligation that complaints must be dealt with by companies within 45 days;
  • a free of charge alternative dispute resolution system;
  • an arbitration mechanism (a last resort mechanism to make sure that the complaints are resolved);
  • commitment to an annual review of adequacy decision. The review will be conducted by the Commission and the US Department of Commerce with involvement of national intelligence experts from the US and European DPAs. The review will also be able to draw on other resources such as transparency reports of companies. The Commission will have to report to the European Parliament on the results of each review.

The legal texts, as well as the agreement itself, have attracted criticism from some NGOs and politicians. Max Schrems pointed out that although the Privacy Shield has some minor improvements, it does not address the core flaws of the US legal system that allows bulk surveillance. The current written guarantees from the US refer to six situations in which bulk surveillance would be allowed. This may raise questions among the DPAs and the Article 29 Working Party, as the CJEU judgment clearly stated that any form of bulk surveillance is a violation of fundamental rights.

On her Twitter account, Sophie in’t Veld MEP (Netherlands, ALDE) questioned the legal status of written guarantees given by the US, whilst Jan Philipp Albrecht MEP (Germany, Greens EFA), home affairs and data protection spokesperson and former rapporteur on data protection regulation, stated that “The new 'Privacy Shield' framework appears to amount to little more than a remarketed version of the pre-existing Safe Harbour decision, offering little more than cosmetic changes.”

The European DPAs and the European Ombudsman also expressed doubts about the position of the ombudsman being taken up by a senior US Government official, rather than being given to an independent body.

The agreement will now be consulted within a committee composed of representatives of the member states. In addition, the Article 29 Working Party will give its opinion and in particular its assessment of the agreement against the criteria set out by the case law of the CJEU. Most recently, the judgment in the Schrems case invalidated the previous EU-US data transfer scheme, Safe Harbor, and set out clear conditions that must be satisfied by any transfer scheme of personal data to third countries. The agreement will also have to be approved by the College of Commissioners.

On its part, the US will make the necessary arrangements to put in place the new framework, its monitoring mechanisms and the new ombudsperson.

To subscribe to the Brussels Office Briefing, contact Antonella.Verde@LawSociety.org.uk
 

 

Share this article
Add To Favorites
https://lawware.co.uk/

In this issue

  • Family ADR: why the slow takeup?
  • Electronic cigarettes: the medicine of tomorrow?
  • Official advice: must do better
  • Privacy Shield, the new Safe Harbor
  • Maternity: still black marks
  • Designed for justice
  • Reading for pleasure
  • Opinion: Tim Musson
  • Book reviews
  • Profile
  • President's column
  • 20 is the new 40
  • People on the move
  • Stress: the common enemy
  • A safer way to talk
  • Mind the gap
  • SLCC: a role in standards?
  • Budget 2016: a spoonful of sugar?
  • Rights lost to sight?
  • Take care with care services
  • How the Sheriff Appeal Court fits in
  • Extended liability?
  • Periti credere? [Experts believe]
  • What's happening on the review
  • Scottish Solicitors' Discipline Tribunal
  • Deeds of conditions: emerging stronger
  • In-house and staying in demand
  • Further warning over historic client balances
  • Law reform roundup
  • Perceptions and priorities
  • Training is the key
  • Ask Ash
  • By diverse means
  • The literal truth

Recent Issues

Dec 2023
Nov 2023
Oct 2023
Sept 2023
Search the archive

Additional

Law Society of Scotland
Atria One, 144 Morrison Street
Edinburgh
EH3 8EX
If you’re looking for a solicitor, visit FindaSolicitor.scot
T: +44(0) 131 226 7411
E: lawscot@lawscot.org.uk
About us
  • Contact us
  • Who we are
  • Strategy reports plans
  • Help and advice
  • Our standards
  • Work with us
Useful links
  • Find a Solicitor
  • Sign in
  • CPD & Training
  • Rules and guidance
  • Website terms and conditions
Law Society of Scotland | © 2025
Made by Gecko Agency Limited