Earlier today, July 12, 2016, the European Commission formally adopted the U.S. - E.U. Privacy Shield Agreement concerning the transfer of personal data (see link). The Privacy Shield Agreement consists of two parts, which can be found here and here.
On the E.U. side, the Privacy Shield Agreement enters into force immediately.
On the U.S. side, the Privacy Shield Agreement will be published in the Federal Register. After businesses have reviewed the Agreement and updated their policies, they can certify starting on August 1st with the U.S Department of Commerce their compliance with the Privacy Shield Agreement.
What does this mean for a business that previously claimed compliance with the Safe Harbor Agreement? Such businesses are not automatically grandfathered into Privacy Shield. Instead, as discussed above they will have to review and update their policies to certify to Privacy Shield's new standards.
Are international data transfers now settled? As discussed in a previous blog post, no. There is an expected legal challenge to the Privacy Shield Agreement. Moreover, compliance with Privacy Shield does not mean compliance with the forthcoming General Data Protection Regulation (GDPR), which will be in force in 2018.
updated on 7/14