Menu
EU adds detail to Privacy Shield agreement, prepares to give it force of law

EU adds detail to Privacy Shield agreement, prepares to give it force of law

The agreement that will allow the export of EU citizens' personal data to the US for processing is taking shape

The European Commission has detailed the steps businesses must take to comply with the Privacy Shield data protection agreement reached with U.S. authorities earlier this month, and published a draft of the order that will give it force of law.

Privacy Shield is the replacement for the Safe Harbor agreement torn up by the Court of Justice of the European Union last October.

Like its predecessor, is intended to ensure that the personal data of EU citizens benefits from the same privacy protections when processed in the U.S. as it would within the EU. The court found the Safe Harbor agreement lacking in a number of respects, prompting officials on both sides of the Atlantic to negotiate a new agreement that would answer the court's concerns.

On Feb. 2, the Commission announced that it expected written assurances from the U.S. on a number of points, but did not immediately publish the details.

Last Tuesday, U.S. Secretary of Commerce Penny Pritzker forwarded those assurances to Věra Jourová, European Commissioner for Justice, Consumers and Gender Equality, and on Monday, the Commission made these letters public, and issued a draft adequacy decision, the legal mechanism by which Privacy Shield is formally recognized as providing the same privacy guarantees as EU law.

EU member states and national data protection authorities will have a chance to review and comment on the draft adequacy decision before it becomes final.

The Commission also published the principles to which businesses will have to agree when they self-certify their compliance with the Privacy Shield agreement.

The agreement includes the creation of an ombudsperson to deal with complaints from EU citizens regarding U.S. surveillance of their communications and online activities.

Brussels-based business lobby group DigitalEurope said it welcomed the publication of the draft adequacy decision. The group counts Apple, Google and Microsoft among its members.

"Our companies are committed to ensuring a high level of data protection when executing transatlantic data transfers and are committed to working quickly to assess and implement the new framework, which contains additional new obligations," said its director general John Higgins via email.

For the Computer and Communications Industry Association (CCIA), based in Washington, D.C., "The Privacy Shield will provide strong privacy safeguards and legal certainty for companies, and enhances transatlantic trust." CCIA's members include Amazon.com, Ebay, Google, Microsoft and Yahoo.

However, Max Schrems, the Austrian whose complaint to the Irish Data Protection Commissioner about Facebook's handling of his personal data led to the end of Safe Harbor, remains unsatisfied with the new deal.

"The EU and the U.S. tried to put about ten layers of lipstick on a pig, but the core problems were obviously not solved," he said via email.

Schrems highlighted a number of unsatisfactory elements in the letters from U.S. authorities published by the Commission on Monday, including an authorization of bulk surveillance in Presidential Policy Directive 28.

PPD28 provides for six conditions under which bulk surveillance may be used: detecting and countering certain activities of foreign powers; counterterrorism; counter-proliferation; cybersecurity; detecting and countering threats to U.S. or allied armed forces, and combating transnational criminal threats, including sanctions evasion.

It also allows for some circumstances under which it must be used, such as to identify new or emerging threats, but notes that, whenever practicable, signals intelligence collection activities are conducted in a targeted manner rather than in bulk.

However, the CJEU found all use of bulk surveillance compromised the right to respect for private life.

"Basically, the U.S. openly confirms that it violates EU fundamental rights in at least six cases," Schrems said. "The Commission claims that there is no 'bulk surveillance' anymore, when its own documents say the exact opposite thing."

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments