Privacy regulators: Commission ‘could do better’ on Privacy Shield

Whether the Commission will try remains to be seen

The Privacy Shield trans-Atlantic data transfer arrangement is better than its predecessor, Safe Harbor, but still not good enough, European Union data protection authorities said Wednesday.

They want the European Commission improve the deal it has negotiated with U.S. authorities to ensure that EU citizens' personal information receives privacy protection equivalent to that of EU law when it is exported to the U.S.

The authorities have been examining Privacy Shield since it was unveiled in February, and announced the results of their study Wednesday.

The deal is too complex, they say, as it is composed of a collection of legal instruments, letters and annexes rather than a single, easily understandable document.

Furthermore, the measures it proposes are themselves too complex. For example, the avenues available for addressing complaints are too numerous, making it "difficult for the end user to find the right interlocutor," said Isabelle Falque-Pierrotin, chairwoman of the Article 29 Working Party, an umbrella organization for European DPAs.

As it stands, Privacy Shield fails to adequately reflect key data protection principles, Falque-Pierrotin said at a news conference in Brussels. Further, it contains no revision mechanism to cope with the wholesale change in European privacy law that is expected to happen in 2018 with the introduction of the General Data Protection Regulation. A draft of this text will go before the European Parliament for vote later this week.

The members of the Article 29 Working Party made clear that they will withhold their support for Privacy Shield until the Commission has addressed their concerns.

The Commission may not care: The Working Party's role is purely advisory, and it cannot enforce its will on the Commission.

However, its members could ask the Court of Justice of the EU to rule on Privacy Shield's legality.

The new data transfer arrangement became necessary last October, when the court ruled the legal protections of its predecessor, Safe Harbor, inadequate under EU law. That case, pitting Austrian citizen Max Schrems against the Irish Data Protection Commissioner, had been referred to it by the High Court of Ireland.

Schrems was quick to react to the DPAs' verdict on Privacy Shield.

“I personally doubt that the European Commission will change its plans much. There will be some political wording, but I think they will still push it through," he said via email.

But he was optimistic about the prospects of a legal challenge in the light of the DPAs' negative opinion, he said.

Lobby group the Computer & Communications Industry Association focused on the good news, hailing Falque-Pierrotin's remark that Privacy Shield was "a major improvement," and glossing over the DPAs' request for clarifications.

While the DPAs' doubts about Privacy Shield's legal robustness are bad news for businesses reliant on trans-Atlantic data transfers, there was some good news: Falque-Pierrotin said the working party will not publish its views on the legality of other mechanisms for data transfer until the fate of Privacy Shield is finalized.

It has been conducting a study of those mechanisms, binding corporate rules and model contract clauses, since the CJEU overturned the Safe Harbor Agreement in October, but has yet to publish its findings.

That's important, because if the working party were to torpedo all the data transfer mechanisms allowed under the EU's 1995 Data Protection Directive, there would be no legal way for businesses to transfer personal information from the EU to the U.S. That would pose serious problems for multinational businesses or service providers processing payroll for Europeans in the U.S., and could threaten operations for companies such as Google or Facebook, which would have to split their networks into European and non-European segments.

Many companies have switched to the alternative legal mechanisms, and their continued validity is essential if data is to continue to flow across the Atlantic, according to another industry lobby group, DigitalEurope. 

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Safe HarborPrivacy Shield

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Peter Sayer

IDG News Service
Show Comments

Father’s Day Gift Guide

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?