Following the collapse of the Safe Harbour regime last year, the European Commission and the US Department of Commerce have been working together to construct a replacement regime for the transfer of personal data from Europe to the US.

The creation of the Privacy Shield was first announced in February and, following months of wrangling concerning the adequacy of the Shield, it has now been approved and comes into force with immediate effect. The central aim of the Shield is to impose stronger obligations on US companies to protect the personal data of Europeans. These include: further requirements relating to greater transparency; conditions relating to the onward transfers of data; and greater sanctions if companies fail to comply with those obligations.

The major obstacle to finalising the Privacy Shield has been the level of access to European's personal data by US authorities. This issue has now been resolved and for the first time public authorities in the US have provided written commitments and assurances that there will be no indiscriminate or mass surveillance of personal data transferred from the EU.  An independent Ombudsperson mechanism has also been created to handle and resolve complaints from individuals regarding the processing of their personal data in the US.

In order for EU based organisations to share personal data with US companies under the Privacy Shield, the US organisations will need to self-certify that they meet the requirements of the Privacy Shield and display their privacy policy on their website. US based companies wishing to join the Privacy Shield regime can apply to the US Department of Commerce for Privacy Shield status from 1 August 2016.

Bevan Brittan's Information Law Team specialise in assisting organisations with the legal transfer of personal data to the US.  If you require advice in relation to data sharing with the US, please contact Emma Godding or Jonathan Moore.