Accessibility Links

The EU-US Privacy Shield Framework has been launched. What does it mean for the UK data protection?


A new EU-U.S. Privacy Shield for stronger protection data flows was adopted on the 12th July 2016.

According to the European Commission press release, “this new framework protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States as well as bringing legal clarity for businesses relying on transatlantic data transfers.”


A free and more regulated movement of data across borders will enable European and U.S. companies to offer the best service and products to consumers, creating economic growth and job increases for both the U.S. and the EU.
The European Commission said that the Privacy Shield, which has replaced the “Safe Harbour’ Scheme”, puts stronger obligations on U.S. companies handling and accessing new data coming from the EU. Under the Privacy Shield US companies will be able to “self-certify” that they have followed the privacy principles outlined in the framework.

The rules govern numerous aspects including the collection of personal information by US companies such as Facebook and Google on European citizens and how that data is held and who can access it, ensuring the privacy rights of people in the EU are met by companies in the U.S., where rules are different.

"For businesses, the framework will facilitate more trade across our borders, more collaboration across the Atlantic, and more job creating investments in our communities. For consumers, the framework will ensure you have access to your favourite online services and the latest technologies, while strongly protecting your privacy." U.S .Commerce Secretary Penny Pritzker said.

"Privacy Shield sets a new high standard for EU-U.S. data transfers. It is a major privacy win for consumers and it provides legal clarity for thousands of European and U.S. firms," said Christian Borggreen, European Director of Computer and Communications Industry Association, whose members include the likes of, Google and Microsoft.
For more information click here.



While we are all waiting for the consequences of Brexit to fully materialise, it is important to recognise that the result of the referendum won’t change anything immediately and it is highly likely that the UK will continue to be heavily influenced by EU laws.
However, the EU data protection laws prohibit transfers of personal data to countries outside the European Economic Area (EEA), unless they have been recognised as providing “adequate protection” to personal data.

If the UK is not classified as “adequate” post Brexit, UK companies receiving data from the EEA will need to re-think their data protection compliance strategy and put in place adequate safeguards. It is hard to predict the range of legal changes to the UK’s data protection regime resulting from Brexit but once the UK leaves the EU the Privacy Shield will not cover transfers from the UK to the U.S.. Hopefully however, the Information Commissioner's Office (ICO) could approve the Privacy Shield as an adequate means of data transfer from the UK to the U.S., or it could establish a similar framework. 



Add new comment