If you are anxious for more details about the new EU-US Privacy Shield agreement, you are in luck. The entire framework can now be found here. This plan guarantees that private information from EU citizens will receive the same protections in the US as it would if the data was being used within the European Union. If a company does not agree to comply, they cannot export electronic information to the US.
As with the now defunct Safe Harbor principles, those wishing to use Privacy Shield must self-certify that they follow the principles laid out in the framework. The document that was released is a draft opinion that will not become effective until the European Commission gives it final approval. Once that happens, the Department of Commerce will start accepting certifications. Participation is voluntary, but once certified, companies will be required to provide information on how they protect the integrity of the information.
If an EU citizen complains that their personal information has been mishandled under Privacy Shield, the company in question will have 45 days to reply to the complaint. If the situation is not resolved in that time, they will have the opportunity to move on to binding arbitration.
Another change will be an enhanced role for the Department of Commerce. That will include verifying information provided as part of the self-certification process, conducting periodic compliance reviews and assessments of the program, facilitating arbitration programs and participating in annual reviews with EU official.