Some weeks ago we informed you of the EU-US Privacy Shield, announced by the European Commission on February 2, 2016 meaning a new arrangement for transatlantic data flows between the EU and US. In this blog you can read recent developments of the EU-US Privacy Shield and alternative solutions offered by Leaseweb.
EU US Privacy Shield in the making
We have known since October 2015 that the US Safe Harbor regime is invalid, meaning that personal data of Europeans can no longer be transferred by a company to US Safe Harbor certified companies. Monday 29 February 2016, the European Commission published the details of the EU-US Privacy Shield that should replace the Safe Harbor certifications.
In short the new EU-US Privacy Shield should guarantee that privacy protections for data transferred to the US are equivalent to data protection standards in the EU.
The European Commission argues that the new EU-US Privacy Shield imposes stronger obligations on US companies to protect Europeans’ personal data and that it requires the US to monitor and enforce more robustly and cooperate more with European Data Protection Authorities.
New requirements for US Companies
The EU-US Privacy Shield agreement provides new safeguards and transparency obligations on US government access. The US government has given a written assurance against indiscriminate mass surveillance of Europeans’ data. US companies will be able to report an (approximate) number of access requests.
According to the new proposals, US companies will have the obligation to self-certify annually that they meet the requirements of the Privacy Shield and display a privacy policy on their website. Other requirements would include that US companies comply with European Data Protection Authorities in case of complaints respondswiftly (within 45 days). If US companies do not comply with the requirements, they will be confronted with sanctions or exclusion.
A US Ombudsman will be introduced to handle and solve complaints from individuals. The US Ombudsman is part of the new proposals.
Next steps
During the period April–May 2016 the European Data Protection Authorities will evaluate the text of the proposed Privacy Shield agreement. The Article 29 Working Party (WP29) of the EU National Data Protection Authorities will officially give their opinions whether the Privacy Shield is considered to provide adequate protection on April 12 and 13, 2016. The WP29 will also clarify if the alternative means, such as binding corporate rules and model clauses, will be considered valid.
The 28 Member States of the EU will need to vote. It is expected that the European Commission will give a final decision on the agreement by late spring or early summer, striving for finalization before July.
Leaseweb alternative solutions
In the meantime, Leaseweb companies offer solid alternative solutions to resolve transatlantic data flow issues thanks to the design of its network and services. The solution Leaseweb offers is based on setting up servers within EU borders and keeping the data within those geographical areas. Over recent years the Leaseweb brand has expanded in Europe, Asia and the US, as separate and distinct legal entities in each country in which we are active. Our business structure is based on each Leaseweb business company only operating their infrastructure within their own geographical area. Our services to customers are limited to making infrastructure available, and therefore Leaseweb companies do not manage or control the data stored, transferred or otherwise processed by customers. In short, the Safe Harbor invalidation did not affect the delivery of Leaseweb service to our customers. This will remain unchanged even after the new EU US Privacy Shield becomes effective. Meanwhile we continue to offer sound solutions for EU US compliance and our customers can rest assured that their service will continue at the same high-quality level as before.
For more information, see press release and Q&A provided by the European Commission: