Privacy Shield: Toward a Strong Personal Data Protection Between The US and the EU?
Revue des Juristes de Sc Po, vol. 14, 2018
14 Pages Posted: 7 Jun 2019
Date Written: January 20, 2018
While the United States and the European Union share the goal of enhancing privacy protection, the United States uses a sectoral approach that relies on a mix of legislation, regulation and self-regulation. Moreover, the protection is guaranteed at the US Federal level and State level. In comparison, the EU chose to adopt an omnibus approach implemented throughin a single text to authorize the free movement of data inside the internal market. The Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data was enacted the 24 October 1995. It will be repealed by the Regulation 2016/679/EU of 27 April 2016 (General Data Protection Regulation or GDPR) which will enter into force and apply as ofthe 25 May 2018. The impact of the ddirective has been considerable. Despite the role of the United States in early global privacy debates (Fair Information Practices and OECD Privacy guidelines), the rest of the world has followed the EU model and enacted EU-style “data-protection” laws.”
Due to the differences of Privacy approaches between the US and the EU, the US sectorial legislation doesn’t provide an “adequate level of protection.” Nevertheless, in the absence of an adequacy decision and to compensate for the lack of data protection in a third country, some appropriate safeguards can be used. Such safeguards may consist of making use of binding corporate rules (BCR), standard data protection clauses adopted by the Commission, standard data protection clauses adopted by a supervisory authority or standard contractual clauses (SCC) authorized by a supervisory authority. Moreover, to build a mechanism for ensuring personal data transfers to the US from the EU, the US Department of Commerce and the European Commission adopted an ad hoc instrument, the so-called “safe harbor.” Based on the European Commission Decision 2000/520/EC of 26 July 2000, the safe harbor privacy principles and related frequently asked questions issued by the US Department of Commerce, is a voluntary process of self-regulation available to the US companies. This “non-legislative lawmaking” is a collaborative effort focused on the economic interests of both the US and the EU.
Keywords: GDPR, Privacy Shield, Safe Harbor, data protection, adequacy, US privacy
Suggested Citation: Suggested Citation