02-23-16 | Blog Post
The European Commission has confirmed a replacement for Safe Harbor, the law that protected data transfers between the United States and the European Union, and expects it to be enforced within three months, according to computerweekly.com.
On Feb. 2, the European Union announced details of the EU-US Privacy Shield deal, which will replace the now-invalid Safe Harbor law. The new Privacy Shield law is expected to keep the seven principles of Safe Harbor intact, and will provide enhancement to two specific principles: Notice and Enforcement.
For citizens in the US or EU who wish to file a complaint, the U.S. Department of Commerce is creating a committee to investigate those complaints, and a chain of command will be available for consumers who wish to escalate their complaint.
Currently, the framework of the new law is under review by the Article 29 Working Party, and once it is approved there, it will be sent to the EU Court Commission. Once the Commission approves the law, it will be enacted. That process is expected to take at least three months.
In the meantime, technology companies are taking a wait-and-see approach. Once Safe Harbor was invalidated, companies had until January 31 to phase out the old law. The Article 29 Working Party has asked for all documents pertaining to the new law to be given to them by the end of February, and will then consider whether data transfer mechanisms such as Standard Contractual Clauses and Binding Corporate Rules can still be used to transfer data to the U.S. Until then, these mechanisms are still in place, and the Department of Commerce is still accepting Safe Harbor renewal applications. We’ll keep you posted as more updates come in.