On February 2, 2016 the European Commission and the United States came to an agreement on a replacement for the Safe Harbor framework which was declared invalid on October 6, 2015 after 16 years of governing Trans-Atlantic data transfers. The new framework known as EU-US Privacy Shield will incorporate more stringent obligations on US companies to protect the personal data of Europeans that is transferred to the United States.
The new agreement will include the following provisions:
Strong obligations on companies handling Europeans’ personal data and robust enforcement: U.S. companies wishing to import personal data from Europe will need to commit to robust obligations on how personal data is processed and individual rights are guaranteed. The Department of Commerce will monitor that companies publish their commitments, which makes them enforceable under U.S. law by the US. Federal Trade Commission.
Clear safeguards and transparency obligations on U.S. government access: For the first time, the US has given the EU written assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms. These exceptions must be used only to the extent necessary and proportionate. The U.S. has ruled out indiscriminate mass surveillance on the personal data transferred to the US under the new arrangement.
Effective protection of EU citizens’ rights with several redress possibilities: Any citizen who considers that their data has been misused under the new arrangement will have several redress possibilities. Companies have deadlines to reply to complaints. European DPAs can refer complaints to the Department of Commerce and the Federal Trade Commission. In addition, Alternative Dispute resolution will be free of charge. For complaints on possible access by national intelligence authorities, a new Ombudsperson will be created.
The EU College of Commissioners has charged Vice-President Ansip and Commissioner Jourova with preparing the appropriate steps over the coming weeks which will allow the new agreement to be put into place. However, the final terms are not expected to be in place for a couple of months. In the meantime, the Article 29 Working Party, comprised of representatives from the data protection authorities (DPAs) from European member states, has stated that it will not take action against companies that have been utilizing other data transfer methods since Safe Harbor was invalidated.
Safeguarding personal information, whether abroad or here at home, will never cease being a major concern to all businesses. The FTC has provided common sense guidance in the following publication https://www.ftc.gov/system/files/documents/plain-language/pdf0205-startwithsecurity.pdf
Hire Image is committed to the security of the personal information we deal with every day. We are proud to be accredited by the Background Screening Credentialing Council, demonstrating our commitment to the highest standards in consumer data protection and best practices in our industry. Hire Image is among just 62 agencies nationwide that have achieved this recognition from the National Association of Professional Background Screeners (NAPBS).
