EU-US Privacy Shield in a Nutshell

  1. US companies that wish to receive personal data from the EU will be required to commit to stronger obligations on how personal data is processed and how individual rights are guaranteed.
  2. The US Department of Commerce will monitor companies that process EU data, thereby making their commitments enforceable by the US Federal Trade Commission under US law.
  3. US companies handling human resources data from the EU have to comply with decisions of European data protection authorities.
  4. Access of US law enforcement and national security authorities to personal data transferred under the Privacy Shield will be subject to clear limitations, safeguards and oversight. Exceptions are allowed only to the extent necessary and proportionate.
  5. Citizens who believe that their data has been misused under the new arrangement will have several redress possibilities. Alternative dispute resolution will be free of charge.
  6. Companies will be required to reply to complaints within a set timeframe.
  7. European data protection authorities will be able to refer complaints to the US Department of Commerce and the Federal Trade Commission.
  8. Complaints about possible access by national intelligence authorities will be referred to an Ombudsperson, a role that will be created.