On 2 and 3 February, the G29, a group made up of the various European supervisory authorities (including the CNIL in France), assessed the consequences of the Court of Justice's decision to invalidate the Safe Harbor agreement on transfers of personal data from the European Union to the United States.
The G29 has welcomed the so-called " EU-U.S. Privacy Shield ", concluded between the United States and the European Commission, but nevertheless recalled that this agreement should be analysed by itself between now and next April in order to determine whether it complies with the essential European guarantees identified by the G29 since the judgment of 6 October 2015, namely:
- "Treatment must be based on clear, precise and comprehensible rules;
- "Proportionality with regard to the objective pursued must be demonstrated".;
- "An independent control mechanism must exist".and
- "Citizens must be offered the possibility of an effective remedy ".
While awaiting the G29's analysis, BCRs (Binding Corporate Rules) and the European Commission's standard contractual clauses remain the only tools available to companies for transferring personal data outside the EU.