The European Union and the United Stated have found a new way to bridge their different legal approaches to data protection and have agreed a new framework for transatlantic data flows called the EU-US Privacy Shield.

The political agreement announced in early February by the European Commission aims to reassure Europeans that their digital fundamental rights will be protected even when their data is transferred States-side. The Privacy Shield hopes to instil more confidence in European businesses by providing them legal transatlantic certainty.

This settlement follows the requirements set out by the European Court of Justice in October last year, when the institution responsible for interpreting EU law declared the old ‘Safe Harbour’ framework invalid. Indeed, under current EU law, companies cannot transfer EU citizens’ private data to countries that do not afford the same data protection rights as Europe. According to the Court of Justice, the United States had previously not met this European standard, hence the need for an overhaul in data protection measures.

To date, and thanks to Safe Harbour, American firms have been able to access and transfer data quite easily. The new EU-US Privacy Shield will be a game changer in the world of data flows. More than half (54%) of online service consumption in Europe is imported from the USA, and more than 4,500 American companies have used the Safe Harbour framework, so it goes without saying that cross-border data flows are central to transatlantic trade and the global digital economy.

Until the agreement collapsed in October, American companies could access European’s cross-border data flow almost freely. However, the new arrangement imposes stronger obligations on U.S. companies importing personal data from the EU with regards to how personal data is processed and how individual rights are assured.

A major concern for Europeans has been the legal intrusiveness of U.S. public authorities, such as the National Security Agency. With the new agreement, Europeans can breathe a sigh of relief: the US Office of the Director of National Intelligence will give written commitment that Europeans data will not undergo mass surveillance. Moreover, in an attempt to further alleviate Europeans’ anxiety, the US will create an ombudsman to cope with complaints from EU citizens about American agencies accessing   their data.

Combined with a more robust and effective protection, EU citizens will now benefit from several routes to redress. The new agreement places stricter deadlines on companies to reply to complaints, while European Data Protection Authorities will be able to refer complaints directly to the US Department of Commerce and the Federal Trade Commission.

In a world in which data is the exchange currency of the digital age, the EU-US Privacy Shield, combined with the new EU Data protection agreed in December 2015, makes Europe the worldwide standard setter for data privacy. It benefits  everyone, individuals  will see their rights protected, and businesses will be operate in a more stable legal context.


Online Services in the EU: both Local and Global, with the US as the Dominant Supplier, Joint Research Centre, European Commission


Simone Grassi, Bristol Is Open