Abstract

Another EU-U.S. agreement on transatlantic personal data flow was signed on 12 July 2016. Commission Decision 2016/1250 has replaced the previous decision 2000/520/EC, which was invalidated by the judgment of the European Court of Justice in the Schrems case C-362/14 at the end of last year. The new program, called the Privacy Shield, is an enhanced version of the Safe Harbor scheme. The proposed solutions aim to strengthen the rights of persons whose data are transferred to the U.S. by facilitating redress mechanisms and strengthening control activities of the U.S. Department of Commerce over American organizations. Although the Privacy Shield formally complies with legal data transfer requirements, set in Directive 95/46/EC, according to many critics they fail to introduce a higher standard for personal data protection in the U.S. The new name of the Privacy Shield stands for the same system that operated within the Safe Harbor. The disadvantages that contributed to the devaluation of the previous program, including self-regulation and self-certification principles, continuously apply. In addition, experts and representatives of privacy protecting institutions emphasize that the new decision fails to restrict access to personal data of EU citizens by American services. However, a reliable assessment of whether the provisions of the Privacy Shield are implemented in practice and contribute to better protection of personal data transferred to the United States will be possible only after several years.