Menu
Microsoft endorses EU-US Privacy Shield data sharing pact

Microsoft endorses EU-US Privacy Shield data sharing pact

But EU privacy regulators reportedly see the Privacy Shield agreement as inadequate

Microsoft is throwing its weight behind the EU-U.S. Privacy Shield agreement, which is intended to safeguard the privacy of European Union citizens when their personal information is exported to the U.S. for processing.

But a document leaked late last week suggests the proposed agreement does not have the backing of EU data protection authorities, who are meeting this week to finalize their position on it.

Microsoft will seek approval to conduct data transfers under the agreement, its Vice President for EU Government Affairs, John Frank, wrote in a blog post Monday.

He promised the company would respond to individual privacy complaints within 45 days, and comply with the recommendations of national data protection authorities in case of dispute.

However, the agreement does not go far enough, and U.S. and EU officials still have more work to do, Frank wrote: "Additional steps will be needed to build upon the Privacy Shield after it is adopted, ranging from additional domestic legislation to modernization of mutual legal assistance treaties and new bilateral and ultimately multilateral agreements."

The company delivered its verdict on the transatlantic data transfer deal just two days before European Union data protection authorities are due to deliver their own.

Privacy Shield was negotiated to replace the July 2000 Safe Harbor agreement, which the Court of Justice of the EU overturned last October, declaring it incompatible under EU privacy laws.

Those laws require that the personal information of EU citizens only be processed in countries where it can be accorded the same level of privacy protection as under EU law. The Safe Harbor Agreement was inadequate for that purpose, the CJEU found.

When the European Commission officials unveiled details of the new agreement with the U.S. in February, they said Privacy Shield answered all the CJEU's criticisms of Safe Harbor. They also published a draft "adequacy decision," the legal instrument required to add Privacy Shield to the list of data transfer mechanisms acceptable under the EU's 1995 Data Protection Directive.

In the draft, the Commission claims it has the support of the Article 29 Working Party, which brings together the EU's national data protection authorities.

The working party hasn't made its mind up yet, though: It has been conducting its own analysis of Privacy Shield since February and is due to finalize its position at a meeting on Tuesday and Wednesday.

German data protection authorities are against Privacy Shield, according to a briefing document accidentally published on their website last week. The document, posted by German lawyer Carlo Piltz to his blog, calls on the working party to reject Privacy Shield as inadequate under EU law.

The German briefing document calls for the working party's executive summary to state: "Until these issues are addressed, the WP29 considers it is not in a position to reach an overall conclusion on the draft adequacy decision. It stresses that some of the clarifications and concerns – in particular relating to national security – may also impact the viability of the other transfer tools."

It also wants the working party report to conclude: "Therefore, the WP29 is not yet in a position to confirm that the current draft adequacy decision does, indeed, ensure a level of protection that is essentially equivalent to that in the EU."

The German delegation wants the European Commission to remove from the adequacy decision any references to the Working Party's approval, and it wants Privacy Shield to be referred to the CJEU if the Commission goes ahead without taking into account the working party's criticisms, according to the document downloaded by Piltz. The German authorities have since removed copies of the document from their websites, he wrote Friday.

The contents of the leak did not surprise Aaron Tantleff, intellectual property attorney at Foley and Lardner.

"The purpose of Privacy Shield was to ensure that there was a mechanism in place to ensure a level of protection in the U.S. that is essentially equivalent to that in the EU. Based upon the current draft of the Privacy Shield framework agreement, I can see how one may find that the current draft does not appear to satisfy this requirement," he said.

The data protection authorities don't get the last word on Privacy Shield. Their opinion is only advisory, and there are other bodies that have yet to weigh in, including the European Parliament.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Kiwi channel debates GDPR as Reseller News Exchange hits Wellington

Kiwi channel debates GDPR as Reseller News Exchange hits Wellington

This exclusive Reseller News Exchange, in association with Arrow ECS ANZ, ForeScout and StorageCraft, went on the road to debate the early implications of GDPR in New Zealand, extracting opportunities while evaluating challenges for the channel in the year ahead.

Kiwi channel debates GDPR as Reseller News Exchange hits Wellington
Show Comments