New data-sharing rules for EU and US adopted
“We have worked hard with all our partners in Europe and in the USA to get this deal right and to have it done as soon as possible”.
Last year, the European Court of Justice ruled that Safe Harbor was invalid, forcing the commission to start negotiations with the USA on a renewed and safe framework on transfer of personal data.
Clear safeguards and transparency obligations on USA government access: The US has given the European Union assurance that the access of public authorities for law enforcement and national security is subject to clear limitations, safeguards and oversight mechanisms.
“Given the flawed premises - trying to fix data protection deficit in the U.S. by means of the Obama Administration’s assurances as opposed to meaningful legislative reform - it is not surprising that the new Privacy Shield, at least as it appears in the leaked version, remains full of holes and offers limited protections”.
Privacy Shield is the hastily arranged replacement, but despite being welcomed by businesses that are keen to have some legal certainty over data flows, the new deal has faced criticism from national data protection authorities, the European Data Protection Supervisor, and the European Parliament.
This will see the US Department of Commerce conduct regular updates and reviews of participating companies to see that the rules are being followed.
If they fail to do this, they can face fines and removal from the list.
The new so-called Privacy Shield was to replace the Safe Harbor framework, which the EU’s top court struck down in 2015 as insufficient after revelations in 2013 of mass spying by USA intelligence authorities. According to the Director of the American National Intelligence Agency they will only collect and use bulk data under specific preconditions that need to be as targeted and focused as possible.
The deal includes commitments by the USA to limit the use of bulk-collected intelligence, the appointment of a U.S. ombudsman to deal with complaints by European citizens, and fines for firms that do not comply.
“This deal is bad for users, which will not enjoy proper privacy protections and bad for businesses, which have to deal with a legally unstable solution”, Schrems said.
Data protection law expert Kuan Hon of Pinsent Masons, the law firm behind Out-Law.com, said that a legal challenge against the Privacy Shield is “very likely” to be brought before the courts.
Privacy Shield, though tougher than its predecessor, provides for easier transatlantic data movement than when there was no framework. The working party was critical of the early draft, in particular the way it left the door open to indiscriminate mass surveillance of Europeans’ data by USA authorities. The report will be made public and will also be presented to the European Parliament.
Companies transferring data from the European Union to the United States can adhere to the “Privacy Shield”, an agreement which lays down the rules and principles for the protection of European Union citizens’ personal data in the US.
Max Schrems, the Austrian law student who successfully challenged Safe Harbour, said the Privacy Shield was “little more than a little upgrade to Safe Harbour”.
Next steps: The “adequacy decision” will be notified today to the Member States and thereby enter into force immediately.
Much of the negotiations leading to the Privacy Shield focused on clarifying USA eavesdropping limits.
Additional information regarding the new program is available on the BBB EU Privacy Shield website.
Safe Harbor allowed data to be transferred so long as companies stated they were in compliance with European privacy standards, but United States tech companies have not been able to prevent agencies like the NSA from snooping on foreign data. Finally, under the Judicial Redress Act (which was signed into law in February of this year), citizens from designated countries will be allowed to enforce their data protection rights in USA courts.