Menu
Privacy regulators: Commission ‘could do better’ on Privacy Shield

Privacy regulators: Commission ‘could do better’ on Privacy Shield

Whether the Commission will try remains to be seen

The Privacy Shield trans-Atlantic data transfer arrangement is better than its predecessor, Safe Harbor, but still not good enough, European Union data protection authorities said Wednesday.

They want the European Commission improve the deal it has negotiated with U.S. authorities to ensure that EU citizens' personal information receives privacy protection equivalent to that of EU law when it is exported to the U.S.

The authorities have been examining Privacy Shield since it was unveiled in February, and announced the results of their study Wednesday.

The deal is too complex, they say, as it is composed of a collection of legal instruments, letters and annexes rather than a single, easily understandable document.

Furthermore, the measures it proposes are themselves too complex. For example, the avenues available for addressing complaints are too numerous, making it "difficult for the end user to find the right interlocutor," said Isabelle Falque-Pierrotin, chairwoman of the Article 29 Working Party, an umbrella organization for European DPAs.

As it stands, Privacy Shield fails to adequately reflect key data protection principles, Falque-Pierrotin said at a news conference in Brussels. Further, it contains no revision mechanism to cope with the wholesale change in European privacy law that is expected to happen in 2018 with the introduction of the General Data Protection Regulation. A draft of this text will go before the European Parliament for vote later this week.

The members of the Article 29 Working Party made clear that they will withhold their support for Privacy Shield until the Commission has addressed their concerns.

The Commission may not care: The Working Party's role is purely advisory, and it cannot enforce its will on the Commission.

However, its members could ask the Court of Justice of the EU to rule on Privacy Shield's legality.

The new data transfer arrangement became necessary last October, when the court ruled the legal protections of its predecessor, Safe Harbor, inadequate under EU law. That case, pitting Austrian citizen Max Schrems against the Irish Data Protection Commissioner, had been referred to it by the High Court of Ireland.

Schrems was quick to react to the DPAs' verdict on Privacy Shield.

“I personally doubt that the European Commission will change its plans much. There will be some political wording, but I think they will still push it through," he said via email.

But he was optimistic about the prospects of a legal challenge in the light of the DPAs' negative opinion, he said.

Lobby group the Computer & Communications Industry Association focused on the good news, hailing Falque-Pierrotin's remark that Privacy Shield was "a major improvement," and glossing over the DPAs' request for clarifications.

While the DPAs' doubts about Privacy Shield's legal robustness are bad news for businesses reliant on trans-Atlantic data transfers, there was some good news: Falque-Pierrotin said the working party will not publish its views on the legality of other mechanisms for data transfer until the fate of Privacy Shield is finalized.

It has been conducting a study of those mechanisms, binding corporate rules and model contract clauses, since the CJEU overturned the Safe Harbor Agreement in October, but has yet to publish its findings.

That's important, because if the working party were to torpedo all the data transfer mechanisms allowed under the EU's 1995 Data Protection Directive, there would be no legal way for businesses to transfer personal information from the EU to the U.S. That would pose serious problems for multinational businesses or service providers processing payroll for Europeans in the U.S., and could threaten operations for companies such as Google or Facebook, which would have to split their networks into European and non-European segments.

Many companies have switched to the alternative legal mechanisms, and their continued validity is essential if data is to continue to flow across the Atlantic, according to another industry lobby group, DigitalEurope. 

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Safe HarborPrivacy Shield

Featured

Slideshows

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards

Revealed at a glitzy bash in Sydney at the Ivy Penthouse, the first StorageCraft Partner Awards locally saw the vendor honour its top-performing partners with ASI Solutions, SMBiT Pro, Webroot, ACA Pacific and Soft Solutions New Zealand taking home the top awards. Photos by Maria Stefina.

StorageCraft celebrates high achievers at its inaugural A/NZ Partner Awards
Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip

​Synnex and Lenovo hosted 18 resellers for an action-packed weekend adventure in RotoVegas, taking in white water rafting on the Kaituna River, as well as quad biking and dinner at Stratosfare​, overlooking Lake Rotorua at the top of Mount Ngongotaha​. Photos by Synnex.

Kiwi resellers make a splash on Synnex and Lenovo RotoVegas road trip
Show Comments