At the beginning of February, the European Commission issued a Communication showing the new purposes concerning transatlantic data flows and personal data protection rules. In October 2015, the Court of Justice of the European Union declared null and void the previous Safe Harbor Agreement on the ground that it was not able to ensure Europeans having suitable data-protection. In order to reach a new regulation, US and EU approved the EU – US Privacy Shield Deal, but they did not immediately define its specific provisions. However, the Deal was received positively by the American officers, who have declared “no more mass or indiscriminate supervision by national security authorities”.

Few days ago, the European Commission published the details of such new agreement, including a draft “decision on adequacy” as well as the texts, which constitute the EU-U.S. Privacy Shield together with the US government’s commitments.

Did they keep their promises? First, the new deal provides strong obligations on companies and strict enforcement of the rules trough an effective supervision mechanism to ensure that companies respect their obligations including fines or the exclusion in case of non compliance.

It sets up clear safeguards and transparency duties upon the U.S. government in order to exclude his generalised access to personal data. Except from specific case (such as in case of national security), a mass or indiscriminate supervision will no more be allowed.

Effective protection of EU citizens’ rights is guaranteed by several redress possibilities.

The Ombudsperson, supposedly independent of the national security services, will control the national intelligence accesses, follow-up complaints and requests of information and assess possible breaches of the relevant laws. If the EU citizens consider inappropriate the use of their personal data, they can complain with the companies that will have to find a decision by 45 days. They can also apply their national Data Protection Authorities, which will work with the Federal Trade Commission in order to investigate and resolve disputes. Furthermore, disputes could be submitted to arbitration.

An annual joint review will monitor the work of the Privacy Shield. The European Commission and the U.S. Department of Commerce will execute the review.

In addition, last week President Mr. Obama signed the US Judicial Redress Act. In U.S. opinion, it will extend to EU citizens, privacy and data protection already provided for Americans. However, many exceptions are applicable to concrete cases.

As next step: Article 29 Working Party will be submitted to the committee (composed by Member States and Privacy European Authority representatives) who give its opinion, before the final decision of the EU College.