The European Commission has issued new guidance to companies on transatlantic data transfers and has called for a rapid creation of a new framework.
In October BCN reported how a ruling on the case of Schrems vs Data Protection Commissioner) rendered the US-EU Safe Harbour Agreement invalid as it was revealed that EU citizen’s data was being accessed by the US National Security Agency (NSA).
The Commission said it has stepped up talks with US authorities on a new framework and issued guidance to help companies comply with the ruling and work with alternative transfer tools.
“We need an agreement with our US partners in the next three months,” said EV VP Andrus Ansip, who is responsible for the Digital Single Market. “The Commission has been asked to take swift action: this is what we are doing. Today we provide clear guidelines and we commit to a clear timeframe to conclude current negotiations.”
“Citizens need robust safeguards of their fundamental rights and businesses need clarity in the transition period,” said Commissioner Vera Jourová, adding that 4,000 companies currently rely on the transatlantic data pact.
The EC guidelines advised on how data transfers can continue to be pursued by businesses in the interim period. It covers issues such as contractual solutions and contractual rules, binding Corporate Rules for intra-group transfers, derogations and the conclusion or performance of a contract. The guideline document, which is 7,981 words long, runs to 16 pages of challenging reading and is open to interpretation.
“As confirmed by the Article 29 Working Party, alternative tools authorising data flows can
still be used by companies for lawful data transfers to third countries like the United States,” concludes the guidance document. “However, the Commission considers that a renewed and sound framework for transfers of personal data to the United States remains a key priority.”
Enforcement against non-compliance with the Safe Harbour court ruling come into place at the end of January 2016.