Not logged in » Login

Please login

Please log in with your Fujitsu Partner Account.


» Forgot password

Register now

If you do not have a Fujitsu Partner Account, please register for a new account.

» Register now

Recent Discussion:

NickBown | 22.12.2018, 14:18
We have come across this issue as well, and don't seem to have found a way around it (the server is ...
NickBown | 20.12.2018, 18:40
Hi everyoneWe've got an RX2540 M1 which won't boot past the Fujitsu splash screen (which shows the i...
MarkM | 15.10.2018, 11:33
Hi there.I do not believe the Fujitsu policy on this subject has changed.So NO you can not order dri...
Feb 04 2016

EU Commission and United States Agree on "Privacy Shield" [Update]

Following the EU Court of Justice's decision to scrap the so-called Safe Harbor Agreement, both parties had to set up a new arrangement. Today (February 2) the EU Commission's Vice President Andrus Ansip (Estonia) and Věra Jourová, Commissioner for Justice, Consumers and Gender Equality (Czech Republic), announced they had settled on a "new framework for transatlantic data flows," the so-called EU-US Privacy Shield.

According to the official press release, the key points of the arrangement are as follows:

  • "Strong obligations on companies handling Europeans' personal data and robust enforcement: U.S. companies wishing to import personal data from Europe will need to commit to robust obligations on how personal data is processed and individual rights are guaranteed. The Department of Commerce will monitor that companies publish their commitments, which makes them enforceable under U.S. law by the US. Federal Trade Commission. In addition, any company handling human resources data from Europe has to commit to comply with decisions by European DPAs.
  • "Clear safeguards and transparency obligations on U.S. government access: For the first time, the US has given the EU written assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms. These exceptions must be used only to the extent necessary and proportionate. The U.S. has ruled out indiscriminate mass surveillance on the personal data transferred to the US under the new arrangement. To regularly monitor the functioning of the arrangement there will be an annual joint review, which will also include the issue of national security access. The European Commission and the U.S. Department of Commerce will conduct the review and invite national intelligence experts from the U.S. and European Data Protection Authorities to it.
  • "Effective protection of EU citizens' rights with several redress possibilities: Any citizen who considers that their data has been misused under the new arrangement will have several redress possibilities. Companies have deadlines to reply to complaints. European DPAs can refer complaints to the Department of Commerce and the Federal Trade Commission. In addition, Alternative Dispute resolution will be free of charge. For complaints on possible access by national intelligence authorities, a new Ombudsperson will be created."

The College of Commissioners approved the political agreement reached and has mandated Ansip and Jourová to prepare a draft "adequacy decision," which could then be adopted by the College after obtaining the advice of the Article 29 Working Party and after consulting a committee composed of representatives of the Member States. In the meantime, the U.S. side will make the necessary preparations to put in place the new framework, monitoring mechanisms and new Ombudsman.

Reactions from lawyers and the data protection/civil rights community have been reserved at best. To get an impression, check out Iain Thomson's piece at The Register.

[Update 02-04-16:] Meanwhile, the U.S. Department of Commerce has published its own explanation about how the Privacy Shield is supposed to work. The text is here. In addition, expert and civil rights groups have released statements covering the agreement, among them the European Digital Rights initiative (EDRi). Their criticism is based on other legal provisions the U.S. Congress has either put in place last year or is still negotiating, such as the Cybersecurity Act of 2015 and the planned Judicial Redress Act. Industry associations like Germany's BITKOM offer a more positive, if somewhat reserved take on things. The EU's Article 29 Working Party, which assembles representatives from member states' data protection authorities, welcomed the introduction of the Privacy Shield in a press release, stating that it now "looks forward to receive the relevant documents in order to know precisely the content and the legal bindingness of the arrangement and to assess whether it can answer the wider concerns raised by" the EU Court of Justice's decision to declare the Safe Harbor Agreement invalid. European companies that regularly transfer data to the U.S. and relied on the Safe Harbor rules to date should seek for alternate ways to legalize the process; otherwise they might provoke a conflict with their national data protection agencies.


Comments on this article

No comments yet.

Please Login to leave a comment.