EU-US 'Privacy Shield' data exchange
No blank cheque for data transfers without equivalent protection standards
"The proposed 'Privacy Shield' framework does not seem like a viable long-term solution. It seems highly questionable that this new framework addresses the concerns outlined by the European Court of Justice in ruling the Safe Harbour decision illegal (1). The European Commission cannot issue a blank check for the transfer of European citizens' data to the US. Instead, it has to continue to insist on improvements to the level of data protection.
"The provisions on redress are particularly vague under the proposed 'Privacy Shield'. In order to guarantee an equivalent level of data protection, legislative changes in the US are needed, particularly for judicial redress against national security agencies and consumer privacy and data protection standards. Given these shortcomings, there is a clear need for a sunset clause for this new legal framework (2)."
(1) The European Commission proposed 'Privacy Shield' on 28 February as a framework for the exchange of data of EU citizens to the US. The proposal is aimed at being a replacement for the former Safe Harbor framework, which was ruled illegal by the European Court of Justice in 2014. Despite the fact that, the EU's new Data Protection Regulation will enter into force in May 2018, a revision of the Privacy Shield to take account of these revised rules is not foreseen.
(2) The Greens have called for Privacy Shield to be limited to up to four years and have tabled an amendment to this end to draft resolution to be voted on by parliament tomorrow. The centre-right EPP group and Socialists and Democrats group have indicated they do not support such a limit.