Following lengthy and complicated negotiations, the European Commission has agreed a preliminary deal with US institutions to replace Safe Harbor, which was effectively struck down by the European Court of Justice (ECJ) in October 2015. Here are some thoughts by Luca Schiavoni , Senior Analyst, Regulation at Ovum:

“The agreement ensures that US companies handling EU citizens’ personal data will be able to carry on doing so.”

“The new framework will be more burdensome than the previous one, because it provides for transparency obligations and regular checks on how companies will handle the personal data they transfer to the US. In addition, there will be annual reviews of the functioning of the agreement, which is likely to provide an incentive for all parties to make it work in practice and should be an effective way to ensure that the framework remains up to date.”

“The development should come as no surprise to any of the stakeholders involved, given that a review of the Safe Harbor agreement was on the cards even before the ECJ’s decision. The EC, together with the national Data Protection Authorities, has been much less tolerant of privacy breaches for quite a few years now. The drafts that will be set out in the coming months will reveal the details of the dispute resolution and redress mechanisms, which will ensure that EU citizens’ complaints can be handled properly if they fall victim of data breaches. However, we now need to wait for US legislators to pass a judicial redress act as promised – something they should get round to soon if they have the interest of US tech companies at heart.”