[Things don’t stand still in the world of data privacy. Check out our short updates: Spring Cleaning: Fix Contract Terms for Data Transfers From The UK; The Clock is Ticking: Are Your Contract Terms Out-of-Date for Transfers of Personal Data Subject to the GDPR?; Third Time Lucky? Personal Data Transfers between the U.S., EU, UK; Draft EU “Adequacy Decision” for Data Transfers to U.S. Now What?]

Hours ago, EU and U.S. negotiators agreed on a new framework for data sharing across the Atlantic. It’s called the “EU-US Privacy Shield.”

Cutting to the chase, we should soon have new procedures American companies can follow to make them kosher recipients of European consumers’ private data. If so, European companies can provide consumer data to U.S. companies without breaking European law.

But we’re not there yet. The two governments have to approve the deal, struck only by negotiators, and so do the EU’s 28 member states. (How do you like that for extreme federalism?) So European companies providing data to American computers still operate on a hazy frontier, somewhere between “totally illegal” and “basically illegal but we’ll let it slide for now.” I don’t know when that will change.

Interesting features of the deal include enforcement against U.S. companies by the FTC and Department of Commerce, as well as a promise by the U.S. to limit snooping by the NSA and other agencies. The latter has implications for U.S. privacy rights, since some will argue that Americans shouldn’t enjoy weaker privacy rights against their own government than foreigners.

Search “European data” to learn more. But if you want it from the horse’s mouth, here’s the European Commission’s press release.

—————

—————

© 2016 by David W. Tollen. All rights reserved.