Menu
Privacy Shield needs improvement, says EU privacy watchdog

Privacy Shield needs improvement, says EU privacy watchdog

The successor to Safe Harbor suffers from some of the same faults

Privacy Shield has a new detractor, and that spells bad news for businesses built on the transatlantic transfer of personal data.

The Privacy Shield agreement is intended to protect the privacy of European Union citizens when their personal information is processed in the U.S., but it has found few supporters since the European Commission unveiled an unfinished draft of the agreement in January.

Even after the Commission published further details, in April, the critics continued to pile on. Last month, national data protection authorities from across the EU said it still needed significant work, and last week the European Parliament said it too is unsatisfied.

Now it's the turn of the European data protection supervisor, appointed by the Commission to advise EU institutions on privacy and data protection matters.

EDPS Giovanni Buttarelli wants the Commission to negotiate improvements to Privacy Shield in three main areas: limiting exemptions to its provisions; improving its redress and oversight mechanisms, and integrating all the main EU data protection principles.

The Commission began negotiating Privacy Shield last October, when the Court of Justice of the EU struck down its predecessor, the Safe Harbor Agreement, saying it was inadequate.

Businesses that had previously relied on Safe Harbor were invited by the Commission to use other mechanisms provided for in the 1995 Data Protection Directive, such as standard contract clauses and binding corporate rules, to continue legally exporting data.

Many observers have said that those alternative mechanisms suffer from the same deficiencies as did Safe Harbor, particularly the protection of personal data from bulk surveillance by U.S. security services, but their adequacy has not yet been tested in court.

That may soon change, as the Irish data protection commissioner called last week for the CJEU to examine the legality of standard contract clauses. If the court decides they too are inadequate, then a swift conclusion to the Privacy Shield negotiations will be vital if the transatlantic flow of data is not to be interrupted.

The EDPS is concerned that Privacy Shield's provisions on surveillance are a step in the wrong direction.

"Whereas the 2000 Safe Harbour Decision formally treated access for national security as an exception, the attention devoted in the Privacy Shield draft decision to access, filtering and analysis by law enforcement and intelligence of personal data transferred for commercial purposes indicates that the exception may have become the rule," Buttarelli wrote in a report published late Monday.

"The purposes for which exceptions are allowed and the requirement of a legal basis should be more precise," he wrote.

Buttarelli's concerns echo those of the European Parliament, expressed in a resolution last Thursday.

They too warned of deficiencies in the arrangement, notably the possibility for U.S. authorities to collect bulk data in ways that do not meet the criteria of necessity and proportionality. They also criticized the complexity of the redress mechanism if data is mishandled, and the insufficient independence of the U.S. ombudsperson who will resolve data disputes.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments