Privacy Shield, a new agreement between the European Union and the United States comes in effect today and should better protect the privacy of European citizens who have private data stored on American servers. Privacy Shield is the successor of the Safe Harbor treaty that was declared invalid by the European Court of Justice last year.
Companies participating in Privacy Shield will be regularly checked by the US Department of Commerce to see if they follow the rules. If companies do not comply in practice they face sanctions and removal from the list. In order to participate, American companies need to register and self-certify that they meet the data protection standards set out by the arrangement. They will have to renew their registration every year.
While a list of Privacy Shield participating members has not been published yet, the list of companies participating to its predecessor, Safe Harbor is available on the export.gov website. In this list we can find all major American technology companies like Apple, Amazon, Microsoft, Google and Yahoo. It's very likely that Safe Harbor participating companies will also participate in Privacy Shield.
Participating companies store data of Europeans according to the rules of Privacy Shield. This also means American secret services will get limited access to private data of Europeans and the United States has stated it won't perform indiscriminate mass surveillance on personal data transferred to the country. According to the Director of the American National Intelligence Agency they will only collect and use bulk data under under specific precondition that need to be as targeted and focused as possible.
Privacy Shield also ensures that European citizens can complain about their data is handled in the US, which was previously impossible. In case Europeans don't agree on how their data is handled they can address a complaint to their national privacy watchdog. The European privacy watchdog can then discuss this with its American counterpart, the FTC.
Privacy Shield will be reviewed every year by the European Union and the United States, and a yearly report will be issued to the European Parliament and Council.
