News: Is Privacy Shield enough of a step up in privacy from Safe Harbour?
The Privacy Shield agreement governing data transfers between the EU and US received a significant blow this week as the European Data Protection Supervisor (EDPS) rejected it in its current form.
Giovanni Buttarelli said that the Privacy Shield agreement as it stands is "not robust enough to withstand future legal scrutiny before the Court."
The EDPS added that "significant improvements" would be needed to respect key data protection principles.
In particular, these were "necessity, proportionality and redress mechanisms."
He added that it was time to develop a longer term solution in the transatlantic dialogue.
The EDPS’s opinion was published as part of his duty as an "independent advisor to the EU institutions" on data protection matters. This means that while his opinion may be taken on board it will not be enough to scupper the deal.
Buttarelli adds his criticism to those voiced by the Article 29 Data Protection Working Party, which recommended revisions to a number of points in the proposed agreements.
Their concerns included the complexity of the agreement and the lack of a mechanism to deal with the introduction of the General Data Protection Regulation in 2018.
Their main criticism was over the indiscriminate bulk collection of EU citizens and whether enough privacy would be guaranteed by the agreement.
Privacy Shield is the new framework for data sharing between the EU and US that is being negotiated after the previous Safe Harbour framework was ruled to be invalid by the Court of Justice of the European Union in October 2015, since it was seen as not providing a sufficient level of data priotection for personal data transferred by companies from the EU to the U.S..
The new proposed agreement was first published in February 2016.
It is important to note that the agreement only covers data exchange for commercial purposes. Transfers for law enforcement purposes are covered by the EU-U.S. Umbrella Agreement.