By Ulrich Wuermeling, Gail Crawford and Jennifer Archie
Earlier this week, the European Commission announced that a “political” agreement has been reached on a new framework for data flows from the EU to the US. The announcement highlights a few changes from the old Safe Harbor regime, such as more direct and active oversight by US regulators, more stringent privacy protections, and establishing an ombudsman at the State Department for EU citizens who wish to complain about data protection matters. However, as a legal and compliance matter, US companies who previously relied upon Safe Harbor to transfer EU data take significant compliance risk if they do nothing in anticipation of newly branded EU-US Privacy Shield framework being formally approved, given it is not yet documented and will be subject to review by the EU data protection supervisory authorities in the so-called Article 29 Working Party as well as representatives of the Member States and the European Parliament.