Privacy Shield Gets Go-Ahead From EU Governments; EC OK Seen
EU governments backed Privacy Shield, the trans-Atlantic data transfer arrangement intended to replace safe harbor, as the Article 31 Committee of representatives from the 28 member countries approved the final version of the agreement Friday, the European Commission said. The "strong support ... paves the way for the formal adoption of the legal texts and for getting the EU-U.S. Privacy Shield up and running," said EC Vice President-Digital Single Market Andrus Ansip and Justice Commissioner Vera Jourová in a statement. The EC will approve the agreement July 12, a spokeswoman said. Jourová will brief the European Parliament Civil Liberties, Justice and Home Affairs Committee Monday on the state of play, the EC said.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Industry groups applauded the Article 31 Committee action. Consumers and some in the European Parliament remain unhappy about the new deal.
Privacy Shield is "fundamentally different" from safe harbor, the EC officials said. It imposes "clear and strong obligations on companies handling the data and makes sure that these rules are followed and enforced in practice." For the first time, the U.S. provided written assurance that access by public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms, and it "ruled out indiscriminate mass surveillance of European citizens' data," the EC officials said. They said the agreement protects fundamental rights and provides accessible and affordable redress mechanisms.
The expected positive vote this week by the EC, and Jourová's signature to the agreement, "will end a period of serious uncertainty," said Linklaters (Brussels) privacy attorney Tanguy van Overstraeten. That Ansip and Jourová issued a joint statement "shows how much they support this new transfer solution so the vote next week should be a mere formality," he emailed.
That the EC will issue an adequacy decision on Privacy Shield this week "is as certain as the fact that some will still not be satisfied with it," emailed Hogan Lovells (London) data protection attorney Eduardo Ustaran. "The key question is whether it will be challenged" in the European Court of Justice, by whom and when, and, if there is a lawsuit, what the court's verdict will be, he said. "My impression is that challenging the Privacy Shield and the US privacy protections has become a bit of a mission in some quarters and that is something that always interferes with objectivity."
The Direct Marketing Association applauded the committee's "key vote" and the cooperation between U.S. and EU officials in "strengthening and clarifying certain provisions of the framework" of Privacy Shield. Negotiators' "hard work" added restrictions on the ability of companies certifying to Privacy Shield to retain data about EU citizens; clarified the independence of the U.S. ombudsperson position created to deal with EU citizens' complaints about U.S. signals intelligence practices; and provided written assurances ruling out mass surveillance, said the Information technology Industry Council. The U.S. Chamber of Commerce urged "a swift conclusion of the remaining steps to allow its entry into force." BSA|The Software Alliance also cheered the committee's action, saying the agreement "will usher in a new era of stability and much-needed certainty in transatlantic data flows to the benefit of all sides."
The European Consumer Organisation, however, said the EU "should have done more to promote its pioneering data protection law." It's "sad news for EU consumers that commercial interests seem to trump their right to privacy," a BEUC spokesman emailed. It's disappointing that political and commercial pressures are given more consideration than the arguments from the EU's own national privacy bodies, he said.
The European Parliament debated Privacy Shield in May (see 1605250002) and approved a nonbinding resolution saying the arrangement still has "deficiencies." Max Schrems, who filed the legal challenge that brought down safe harbor, plans a briefing Tuesday with Member of the European Parliament Jan Philipp Albrecht, of the Group of the Greens/European Free Alliance and Germany. The briefing will be on "some of the concerns with Privacy Shield, which perpetuates some of the problems with Safe Harbour by transferring data of European consumers to the US, despite the lack of adequate data protection provisions there," Albrecht's office said.