Tras unas largas negociaciones la Comisión Europea ha anunciado ayer un acuerdo con EEUU sobre el futura de la protección de la privacidad en transferencias de datos internacionales que prevé la creación del escudo de protección de privacidad entre EEUU y la UE, el “EU-US Privacy Shield”.  Ya nos adelantaba Vera Jourova en una entrevista concedida a Lawyerpress que el acuerdo estaba cerca.

"El Escudo de Privacidad protegerá los derechos fundamentales de los europeos cuando sus datos de carácter personal se transfieren a las empresas estadounidenses. Por primera vez en la historia, EEUU han dado garantías vinculantes a UE de que el acceso de las autoridades públicas con fines de seguridad nacional estará exclusivamente sujeto a despejar limitaciones, garantías y mecanismos de supervisión", comentaba ayer la comisaria Jourova, responsable de Justicia, Consumidores e Igualdad de Género.

Su colega y vicepresidente en la Comisión, Andrus Ansip, responsable del Mercado Único Digital afirmaba: “Hemos llegado a una acuerdo sobre un nuevo marco potente para la transferencia de datos con los EEUU. Nuestra gente puede estar segura de que sus datos personales están totalmente protegidos. Nuestras empresas, especialmente las más pequeñas, tienen la seguridad jurídica que necesitan para desarrollar sus actividades más allá del Atlántico."

La Comisión Europea destacó en su comunicad los siguientes puntos del acuerdo:

Strong obligations on companies handling Europeans' personal data and robust enforcement: U.S. companies wishing to import personal data from Europe will need to commit to robust obligations on how personal data is processed and individual rights are guaranteed. The Department of Commerce will monitor that companies publish their commitments, which makes them enforceable under U.S. law by the US. Federal Trade Commission. In addition, any company handling human resources data from Europe has to commit to comply with decisions by European DPAs. 

Clear safeguards and transparency obligations on U.S. government access: For the first time, the US has given the EU written assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms. These exceptions must be used only to the extent necessary and proportionate. The U.S. has ruled out indiscriminate mass surveillance on the personal data transferred to the US under the new arrangement. To regularly monitor the functioning of the arrangement there will be an annual joint review, which will also include the issue of national security access. The European Commission and the U.S. Department of Commerce will conduct the review and invite national intelligence experts from the U.S. and European Data Protection Authorities to it. 

Effective protection of EU citizens' rights with several redress possibilities: Any citizen who considers that their data has been misused under the new arrangement will have several redress possibilities. Companies have deadlines to reply to complaints. European DPAs can refer complaints to the Department of Commerce and the Federal Trade Commission. In addition, Alternative Dispute resolution will be free of charge. For complaints on possible access by national intelligence authorities, a new Ombudsperson will be created.