Screenshot 2016-04-13 14.29.02

Today the EU-U.S. Privacy Shield cleared one of the final hurdles on the path to regulatory approval as representatives from EU Member States voted to support the new EU data transfer framework. The “Article 31” Committee is made up of representatives from the EU Member States and their endorsement is binding. The vote today was overwhelmingly positive with just Austria, Croatia, Slovenia, and Bulgaria abstaining.

This is the vital last step before formal adoption of the new international data transfer framework published in February to replace Safe Harbor. The EU-U.S. Privacy Shield framework is the product of two years of intensive negotiations and represents the commitment of the EU and the U.S. Government to securing the vital transatlantic data flows which are such an integral part of the information economy.

In a press statement this morning Vice-President Ansip and Commissioner Jourová from the European Commission said:

Today Member States have given their strong support to the EU-U.S. Privacy Shield, the renewed safe framework for transatlantic data flows. Both consumers and companies can have full confidence in the new arrangement, which reflects the requirements of the European Court of Justice.”

Path to EU Regulatory Approval

Before Privacy Shield could be up and running a draft adequacy decision from the European Commission had to be approved by a European “comitology” procedure, which involved (i) insight from the Article 29 Working Party (formed of EU regulators), (ii) a binding opinion from the EU Member State representatives, and (iii) formal adoption of the adequacy decision by the EU College of Commissioners.

In April the Article 29 Working Party asked for clarification in a number of areas to address their ongoing concerns. Now according to Commission officials the revised draft includes a number of additional clarifications and improvements on U.S. mass surveillance powers, the role of the “ombudsperson” who will adjudicate complaints from EU citizens about their data, and the onward transfer of EU citizens’ data to other companies. The final text places the obligation on the third party to tell the company on the Privacy Shield register when they cannot offer sufficient protection to EU citizens’ data.

Formal Adoption expected by July 12

After today’s positive vote the final stage in the EU Regulatory approval process is formal adoption by the EU Commissioners which is expected to take place on Monday July 11 with an official announcement and copy of the final text on Tuesday, July 12. The Department of Commerce is expected to start accepting submissions to the program in August.

How TRUSTe can help?

Once the EU-U.S. Privacy Shield is formally adopted TRUSTe will amend its certification standards to reflect the new framework and support companies in assessing and verifying that their data protection practices are compliant with the Privacy Shield principles and ready for self-certification with the U.S. Department of Commerce.

TRUSTe has a range of solutions to address both customer and HR / employee data transfer components of the EU-U.S. Privacy Shield. For more information on TRUSTe’s EU Data Transfer solutions visit or call on 1-888-878-7830.