The European Union and the US have agreed on the final amendments to a new trans-Atlantic data transfer framework, which will replace the Safe Harbor agreement.
The changes include strict rules for companies holding data on European citizens and clear limits on US surveillance.
A revised agreement has been sent to EU Member States, and a vote is anticipated to take place early next month. Companies will be able to subscribe to the Privacy Shield after the approval.
The EU-US Privacy Shield will make it easier for organisations to transfer information throughout the Atlantic.
According to the amendments, bulk collection of data sent from the EU to the US can only take place if conditions have been agreed prior to the transfer and it must be as targeted and focused as possible.
Other new clauses in the deal require companies to delete data that no longer serves the purpose for which it was originally collected.
In addition, the ombudsman that oversees the deal must be independent from national security services.
The UK’s Information Commissioner Office (ICO) said Britain, which has recently decided to leave the EU, may have to adopt EU data protection rules to trade with it.
An ICO spokesperson said: "The Data Protection Act remains the law of the land irrespective of the referendum result.
"If the UK is not part of the EU, then upcoming EU reforms to data protection law would not directly apply to the UK. But if the UK wants to trade with the Single Market on equal terms we would have to prove ‘adequacy’ – in other words UK data protection standards would have to be equivalent to the EU’s General Data Protection Regulation framework starting in 2018.
"With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations and to consumers and citizens."
