PRIVACY SHIELD

EU-US data pact faces first major test of credibility

EU-DATAPROTECTION/USA European Justice, Consumers and Gender Equality Commissioner Vera Jourova at the EU Commission headquarters in Brussels | Reuters

A pact underpinning billions of dollars of transatlantic data transfers will undergo its first annual review on Monday, with Europe seeking to ensure Washington has lived up to its promises to protect the data of European citizens stored on US servers.

Feted as a milestone in transatlantic relations, which had soured after revelations of mass US surveillance four years ago, the EU-US Privacy Shield data pact has been in place for just over a year.

It was hammered out after the European Union’s top court struck down a previous data transfer pact in 2015 because it allowed US spies excessive access to people’s data, plunging everyday cross-border data transfers into legal limbo.

However, it is already subject to two legal challenges in European courts on the grounds that it does not offer adequate privacy protections for European citizens’ data, and EU data protection watchdogs have also expressed misgivings.

The first annual review taking place on Monday and Tuesday will be an opportunity for the European Commission, which negotiated the Privacy Shield, to ensure it is functioning well and that the US administration is keeping its part of the deal.

“My expectation is that we will find Privacy Shield functioning, we might find some space or room for improvement,” Vera Jourova, EU Justice Commissioner, told Reuters in an interview.

OMBUDSMAN

The Privacy Shield seeks to strengthen the protection of Europeans whose data is moved to US servers by giving EU citizens greater means to seek redress in case of disputes, including through a new privacy ombudsman within the State Department who will deal with complaints from EU citizens about US spying.

However, a new ombudsman has not been appointed under the new US administration, something Jourova said she will push for.

Companies wanting to transfer Europeans’ personal data outside the bloc have to comply with tough EU data protection rules which forbid them from transferring personal data to countries deemed to have inadequate privacy protections unless they have special legal contracts in place.

The Privacy Shield allows firms to move data across the Atlantic without relying on such contracts, known as model clauses, which are more cumbersome and expensive.

Over 2,400 companies are signed up to the scheme including Alphabet Inc’s Google, Facebook and Microsoft.

“Virtually every transaction in the trillion-euro transatlantic trade relationship, from the movement of services and capital to the movement of goods and people, heavily relies on the transfer of data between the EU and US,” said Thomas Boue, Director General, Policy, EMEA for BSA, which represents the likes of Apple, Microsoft and IBM.

The Commission is also seeking to find out figures for how many requests for people’s data companies had received from US authorities.

“The million dollar question was how many times they were asked by the national secret service,” Jourova said. “This is of big relevance for assessing whether Privacy Shield is successful.”

The Commission will produce a report with its conclusions on the review of the Privacy Shield in October.

This browser settings will not support to add bookmarks programmatically. Please press Ctrl+D or change settings to bookmark this page.

Related Reading