Safe Harbour could be replaced by EU-US Privacy Shield in July - but it won't directly affect the UK

The UK will have to draw up its own data-sharing pact with the US and the EU after Brexit

Privacy Shield, the deal agreed between the European Union and the US to replace Safe Harbour, has undergone final amendments and could be in effect by July.

The data protection arrangement had to be put in place after Safe Harbour was deemed illegal last October because the privacy of European citizens' data could not be guaranteed.

But it too has run into numerous issues. Just last month the European Data Protection Supervisor (EDPS) Giovanni Buttarelli raised concerns about the data-sharing pact, claiming that it wasn't robust enough to stand up to proper legal scrutiny. While in April, EU data protection authorities warned that the deal's protections were still not good enough, and said it did little to counter the risk of "massive and indiscriminate collection of personal data originating from the EU".

The pact has since been tweaked to include a promise from the US in regards to the treatment of EU data. The US has agreed in principle that the bulk collection of data from the EU can only happen if the conditions of the data have been agreed before any transfer, and it must be "as targeted and focused" as possible to avoid large swathes of EU citizen data being stored in the US, under the noses of the NSA. The US Office of the Director of National Intelligence will also have to provide a commitment that the data collected on EU citizens will not be used for mass surveillance.

In addition, companies have to delete retained data when it is no longer required for the purpose for which it was collected. Under the rules, the US ombudsman, which will be set up to oversee complaints relating to the data-sharing pact, will have to operate completely independently from the US security services. The EU and US will also have to undertake annual reviews of the system.

If EU member states are all in agreement, the Privacy Shield could come into force as early as July.

However, after the UK's decision to quit the EU, the legislation will now not directly affect this country, much in the same way that the General Data Protection Regulations (GDPR) also do not apply to the UK because of Brexit. However, as with GDPR, the UK is likely to have to mirror much of the legislation in its own data-sharing pacts with the US and the EU, which could take a number of years to formulate.