The following communication was issued by the European Commission in February after publishing a legal framework known as the EU-U.S. Privacy Shield to protect individuals’ privacy rights following the 2013 disclosure by Edward Snowden of mass surveillance programs conducted by the U.S. intelligence community.
Transatlantic Data Flows: Restoring Trust through Strong Safeguards
Page Count: 15 pages
Date: February 29, 2016
Originating Organization: European Commission
File Type: pdf
File Size: 429,659 bytes
File Hash (SHA-256):9063D87E9384DE7D55731A65076A1F39FA908B55C6ACE18F377E5D3300A8A645
A solid transatlantic partnership between the European Union and the United States is as vital today as it has ever been. We share common values, pursue shared political and economic objectives, and cooperate closely in the fight against common threats to our security. The enduring strength of our relationship is evidenced by the extent of our commercial exchanges and our close cooperation in global affairs.
The transfer and exchange of personal data is an essential component underpinning the close links between the European Union (EU) and the United States (U.S.) in the commercial area as well as in the law enforcement sector. These data exchanges require a high level of data protection and corresponding safeguards.
In June 2013, reports concerning large-scale intelligence collection programmes in the U.S. raised serious concerns at both EU and Member State level about the impact on the fundamental rights of Europeans of large-scale processing of personal data by both public authorities and private companies in the United States.
In response, on 27 November 2013 the Commission issued a Communication on Rebuilding Trust in EU-U.S. Data Flows setting out an action plan to restore trust in data transfers for the benefit of the digital economy, the protection of European individuals’ rights, and the broader transatlantic relationship. The Communication set out the following key actions to achieve this objective:
(i) adopting the data protection reform package proposed by the Commission in 2012;
(ii) making the Safe Harbour safer on the basis of the 13 recommendations laid out in the Communication on the Safe Harbour; and
(iii) strengthening data protection safeguards for law enforcement cooperation, notably by concluding negotiations on the EU-U.S. Data Protection Umbrella Agreement. The latter also included the objective of obtaining commitments from the U.S. on enforceable individual rights, including avenues for obtaining judicial redress, in particular through the enactment of a Judicial Redress Act extending certain rights enshrined in the 1974 U.S. Privacy Act to EU citizens that at the time were only available to U.S. citizens and permanent residents.
These objectives were reaffirmed in the political guidelines of the Juncker Commission: “Data protection is a fundamental right of particular importance in the digital age. In addition to swiftly finalising the legislative work on common data protection rules within the European Union, we also need to uphold this right in our external relations. In view of recent mass surveillance revelations, close partners such as the United States must convince us that the current safe harbour arrangements really are safe if they want them to continue. The U.S. must also guarantee that all EU citizens have the right to enforce data protection rights in U.S. courts, whether or not they reside on U.S. soil. This will be essential for restoring trust in transatlantic relations.”
Since then, the Commission has worked to achieve these objectives. The Commission stepped up negotiations on the Umbrella Agreement which was initialled by the parties on 8 September 2015. The inter-institutional discussions on the data protection reform package were intensified, resulting in a political agreement between the Council and the European Parliament on 15 December 2015. As for transatlantic data transfers in the commercial sphere, the Commission began discussions with the U.S. to strengthen the Safe Harbour in January 2014. The invalidation of the Safe Harbour Decision by the Court of Justice in the Schrems ruling on 6 October 2015 confirmed the need for a renewed framework and provided further guidance on the conditions that the framework should fulfil. Following the ruling, on 6 November 2015 the Commission issued guidance for companies setting out the alternative tools that allow the continued transfer of personal data to the United States. On 2 February 2016, a political agreement was reached on a new framework for transatlantic data flows, the EU-U.S. Privacy Shield, to replace the previous arrangement.