The Article 29 Working Party (WP29), consisting of the data protection authorities (DPAs) of all 28 European Union (EU) Member States, met February 2-3 to discuss the future of EU-U.S. data flows. The meeting coincided with an end-of-January deadline that WP29 had set for the European Commission and U.S. Department of Commerce to provide a replacement for the invalidated U.S.-EU Safe Harbor framework (Safe Harbor). Fortunately, the European Commission announced the successful conclusion of those negotiations yesterday and introduced the “EU-U.S. Privacy Shield” (Privacy Shield) to WP29 at their meeting in Brussels.
Today, WP29 released a statement welcoming the conclusion of the negotiations on the replacement framework. The WP29 agreed to partially extend the deadline for widespread enforcement actions until they review the Privacy Shield framework documents in detail – a timeline which will likely bleed into late March and early April. The WP29 reiterated that EU Member State DPAs will continue to deal with EU-U.S. data flows cases and complaints on a case-by-case basis as they normally would.
The WP29 was also clear about what they expect from any data transfer mechanism – including clear program rules, necessity and proportionality tests regarding national security access, independent oversight mechanisms, and individual remedies. To read more about the WP29 expectations and company guidance, see today’s Client Alert on the WP29 Privacy Shield reaction.