EU-US Privacy Shield Gets Nuanced Review by EU Privacy Regulators
On April 13, 2016, the Article 29 Working Party (Working Party) released its review of the EU-US Privacy Shield (Privacy Shield), the proposed new framework for US companies to transfer data from the EU to the US. The review of the Working Party was nuanced, giving strong credit for improvements by the Privacy Shield over the previous Safe Harbor agreement for commercial uses of data and praising new protections related to government surveillance. But the Working Party also cited various issues of concern that it wants to see addressed.
The Working Party recognized that some of the issues raised might be addressed in a future review of the Privacy Shield after the new GDPR is in place or after EU Court decisions inform the appropriate limits on bulk collection of data and surveillance. Other issues might be addressed by documents that more clearly explain the Privacy Shield or by a new glossary that explains Privacy Shield key terminology.
The Working Party also pointed out some areas where important EU concepts are not, in its view, captured in the Privacy Shield, such as limits on data retention, rights to object to automated processing and more.
EU Commission spokesman Christian Wigand reacted to the review, saying, “EU Data Protection Authorities welcome significant improvements to Privacy Shield. We aim for adoption in June.”
“While policymakers and regulators debate the next steps on Privacy Shield, they should keep in mind who is most impacted by uncertainty about EU-US data flows,” stated FPF CEO Jules Polonetsky. “51% of the companies in Safe Harbor were there to transfer the human resources data of EU employees to the US, for payroll, promotions and bonuses.”
A previous FPF study also revealed that Safe Harbor included 152 companies that are headquartered or co-headquartered in European countries, spanning a wide range of industries and countries.