Tras unas largas negociaciones la Comisión Europea ha anunciado ayer un acuerdo
con EEUU sobre el futura de la protección de la privacidad en transferencias de
datos internacionales que prevé la creación del escudo de protección de
privacidad entre EEUU y la UE, el “EU-US Privacy Shield”. Ya nos adelantaba
Vera Jourova en una entrevista concedida a Lawyerpress
que el acuerdo estaba cerca.
"El Escudo de Privacidad protegerá los derechos fundamentales de los europeos
cuando sus datos de carácter personal se transfieren a las empresas
estadounidenses. Por primera vez en la historia, EEUU han dado garantías
vinculantes a UE de que el acceso de las autoridades públicas con fines de
seguridad nacional estará exclusivamente sujeto a despejar limitaciones,
garantías y mecanismos de supervisión", comentaba ayer la comisaria Jourova,
responsable
de
Justicia, Consumidores e Igualdad de Género.
Su colega y vicepresidente en la Comisión, Andrus
Ansip, responsable del Mercado Único Digital afirmaba: “Hemos llegado a una
acuerdo sobre un nuevo marco potente para la transferencia de datos con los EEUU.
Nuestra gente puede estar segura de que sus datos personales están totalmente
protegidos. Nuestras empresas, especialmente las más pequeñas, tienen la
seguridad jurídica que necesitan para desarrollar sus actividades más allá del
Atlántico."
La Comisión Europea destacó en su comunicad los siguientes puntos
del acuerdo:
Strong obligations on companies handling Europeans' personal data and robust
enforcement: U.S.
companies wishing to import personal data from Europe will need to commit to
robust obligations on how personal data is processed and individual rights are
guaranteed. The Department of Commerce will monitor that companies publish their
commitments, which makes them enforceable under U.S. law by the US. Federal
Trade Commission. In addition, any company handling human resources data from
Europe has to commit to comply with decisions by European DPAs.
Clear safeguards and transparency obligations on U.S. government access: For
the first time, the US has given the EU written assurances that the access of
public authorities for law enforcement and national security will be subject to
clear limitations, safeguards and oversight mechanisms. These exceptions must be
used only to the extent necessary and proportionate. The U.S. has ruled out
indiscriminate mass surveillance on the personal data transferred to the US
under the new arrangement. To regularly monitor the functioning of the
arrangement there will be an annual joint review, which will also include the
issue of national security access. The European Commission and the U.S.
Department of Commerce will conduct the review and invite national intelligence
experts from the U.S. and European Data Protection Authorities to it.
Effective protection of EU citizens' rights with several redress possibilities: Any
citizen who considers that their data has been misused under the new arrangement
will have several redress possibilities. Companies have deadlines to reply to
complaints. European DPAs can refer complaints to the Department of Commerce and
the Federal Trade Commission. In addition, Alternative Dispute resolution will
be free of charge. For complaints on possible access by national intelligence
authorities, a new Ombudsperson will be created.