The European Union and the United States have agreed a new deal to make it easier for organisations to transfer data across the Atlantic.
Last year the European Court of Justice ruled that the so-called “Safe Harbor” scheme was invalid. This followed leaks by whistleblower Edward Snowden that implied the US security services were analysing foreigners’ personal data held in the US.
Until this decision, the personal data of EU citizens could be exported to US organisations which had registered with the Safe Harbor scheme without the individuals’ consent. European organisations which had not signed up to Safe Harbor were generally unable to rely on US organisations to, for example, process their payrolls and carry out other administrative tasks, without breaching data protection laws which prohibit the transfer of personal data outside the EU.
This new Safe Harbor agreement has been named the EU-US Privacy Shield. Amongst its terms, the US Office of the Director of National Intelligence will give written commitments that Europeans’ personal data will not be subject to mass surveillance, something which does not give much comfort to privacy campaigners.
Safe Harbor 2 is still very much in its infancy and is likely to be hotly contested by civil liberties groups.