EU privacy regulators skeptical about Privacy Shield

News General Europe 13 APR 2016
EU privacy regulators skeptical about Privacy Shield

The EU's privacy regulators have expressed concerns about the proposed Privacy Shield agreement on data transfers to the US, saying its doesn't do enough to prevent mass, indiscriminate surveillance of EU residents. The so-called Article 29 Working Group issued its opinion on the proposal and whether it lives up to EU data protection standards. 

The regulators did concede that the Privacy Shield offered "significant improvements" on the previous Safe Harbour agreement, which was struck down last year by the EU Court of Justice for failure to adhere to EU data protection law. However, the Privacy Shield suffers from an "overall lack of clarity", the group said. Key concepts such as limiting access to personal data, data retention, automated processing and onward transfers beyond the US are not sufficiently defined or incoherent with definitions in EU law.  

The main issue is whether the Privacy Shield does enough to prevent mass surveillance, something the regulators have long held must be subject to strict limits in a democratic society, in order to uphold fundamental rights in the EU. A forthcoming ruling by the EU Court of Justice is expected to provide more clarity on the legal limits of mass surveillance under EU law, the regulators noted, and this may impact the validity of the Privacy Shield. 

Furthermore, the new redress mechanism for EU citizens proposed in the Privacy Shield may be too complex and ineffective. The national data protection authorities could be a better point of contact than the proposed Privacy Shield ombudsperson. The latter is expected to deal with complaints from Europeans about how their data has been used by US law enforcement. However, the EU regulators are concerned the ombudsperson lacks sufficient independence and powers to meet its aims. 

The group also noted that the Privacy Shield may need revisions to bring its in line with the upcoming new directive and regulation on data protection in the EU. The regulation is expected to be approved this week by the European Parliament, giving EU members two years then to implement the changes. 

The Article 29 group's opinion is only advice to the European Commission, which negotiated the agreement with the US. The Article 31 Committee, consisting of representatives of the EU states, must also give its opinion on the agreement, and most of the members are thought to support the Privacy Shield. The Article 31 Committee is expected to take a decision on the Privacy Shield in May. 

The Commission aims to take a final decision in June, after which the agreement would come into effect immediately. EU Justice Commissioner Vera Jourova said in a statement that the Commission would incorporate the feedback from privacy regulators before taking a decision. She said the Commission also plans a practical "users guide" on how citizens can obtain redress in cases of possible privacy violations and that she counts on the privacy regulators to help enforce the new agreement. 

Categories:

General

Regions:

Europe

Tags:

Regulations, Legislation - Lawsuits

Related Articles

EUROPE 27 JUL 2016

EU regulators still concerned about privacy shield

The EU's data protection regulators still have concerns about the 'privacy shield' agreed on data transfers to the US, but will await the first annual review of the deal before taking any action, they said. The so-called Article 29 Working Party, which units the national privacy regulators of the EU, said in a statement that it was concerned the commercial aspects of the privacy shield, the powers of the new ombudsman to handles complaints about data abuses and lack of assurances from the US that its law en

EUROPE 12 JUL 2016

EU, US deal on personal data transfers goes into effect

The European Commission has approved the Privacy Shield agreement with the US on the transfer of personal data cross the Atlantic. The Commission said that the final agreement was amended following concerns from the EU data protection authorities (Art. 29 working party) and the European Data Protection Supervisor, as well as a resolution of the European Parliament. This resulted in a number of clarifications and improvements compared to the draft agreement presented in February, on issues such as bulk colle

EUROPE 8 JUL 2016

EU members approve Privacy Shield with US

Members of the EU have approved the proposed 'Privacy Shield' agreement with the US on the transfer of personal data between the EU and US. First proposed in February, the agreement is designed to replace the former 'safe harbour' status for the US as a safe destination for personal data of EU citizens. This status was struck down last year by the European Court of Justice, which found that the US did not provide enough safeguards for personal data or the opportunity for legal redress by EU citizens whose d

EUROPE 8 JUL 2016

Europe set to approve privacy shield with US - report

The European Union is set to approve the proposed 'Privacy Shield', agreed with the US to prtect personal data being transferred across the Atlantic. Sources familiar with the matter told Ars Technica that the so-called Article 31 group, made up of representatives from all EU member governments, is expected to clear the deal at a meeting 08 July. The group has been critical of the deal up to now, but the report said that having finally seen the text—after two false starts where the expected document wasn't

EUROPE 31 MAY 2016

EDPS warns Privacy Shield susceptible to legal challenge

The European Data Protection Supervisor (EDPS) has warned the proposed Privacy Shield on data transfers from EU to the US is susceptible to legal challenges in its current form. In an opinion on the proposal, the EU's top privacy official Giovanni Buttarelli said "significant improvements" are needed and he tried to offer some "practical solutions" to addressing the concerns about the Privacy Shield. In April already, the Article 29 Working Party, made up of national privacy regulators, said in its opinion

EUROPE 27 MAY 2016

European Parliament calls for improvements to privacy shield

The European Parliament has called on the European Commission to negotiate improvements in the proposed 'privacy shield' agreement with the US on transferring personal data. MEPs voted in a large majority (501 for, 119 against) for the non-binding resolution. They said the negotiated agreement offered "substantial improvements" compared to the Safe Harbour decision it was designed to replace, but still has "deficiencies", especially concerning access by US law-enforcement authorities to personal data on EU

EUROPE 26 MAY 2016

Facebook 'model contracts' to face EU privacy lawsuit

The Irish privacy watchdog said it would refer Facebook to the EU Court of Justice for possible violations of EU data protection law with the social network's transfer of data on EU users to the US, Reuters reports. The Irish Data Protection Commissioner earlier started an investigation into Facebook's transfers to ensure that personal privacy is properly protected from US government surveillance. The IDPC said it would ask the Court of Justice of the European Union (CJEU) to determine the validity of Faceb

NETHERLANDS 9 MAY 2016

Dutch Datacenter Association opposes Privacy Shield proposal

The Dutch Datacenter Association has come out against the proposed Privacy Shield, to replace the EU's 'safe harbour' agreement with the US on the transfer of personal data. The lobby group said it backs the position of the Article 29 Working Party, the EU's association of data protection regulators. The Working Party earlier criticised the Privacy Shield proposal, saying it does not adequately secure the privacy of European data and may expose EU residents to mass surveillance by US intelligence services. 

EUROPE 21 APR 2016

US resists further changes to Privacy Shield proposal

The US does not want to change the substance of the 'Privacy Shield' agreed with the the European Commission, according to Stefan Selig, US Undersecretary of Commerce for International Trade. He told Reuters that the US would evaluate the opinion of EU data protection regulators very carefully, but would be wary of reopening the agreement. Calling the EU data protection authorities' opinion on the Privacy Shield an "important milestone", Selig said the US would take it into consideration. But "we are also v

EUROPE 15 APR 2016

DDA: Privacy Shield biedt onvoldoende garanties

Het nieuwe dataprivacyverdrag Privacy Shield, dat de uitwisseling van persoonsgegevens tussen de EU en de VS van een nieuwe juridische grondslag moet voorzien na de verwerping van Safe Harbor in oktober 2015, biedt op dit moment niet de verbeteringen die noodzakelijk zijn om de privacy van Europese burgers beter te waarborgen. Dat stelt de Dutch Datacenter Association (DDA) in een verklaring. Volgens de DDA heeft de Artikel 29 werkgroep, die de Europese Commissie (EC) adviseert over Privacy Shield, nog flin

EUROPE 14 APR 2016

EU Parliament approves data protection legislation

The European Parliament has approved new data protection regulations in the EU, bringing to an end four years of negotiations on reforming the data protection directive dating from 1995. The legislation passed by parliament includes The General Data Protection Regulation, covering the processing of personal data, and a directive governing the handling and transfer of personal data by law enforcement authorities, including across EU borders. EU states will have two years to transpose the new rules into their

EUROPE 13 APR 2016

EU privacytoezichthouders skeptisch over Privacy Shield

De privacy-toezichthouders van Europa hebben twijfels over het Privacy Shield, het voorgestelde akkoord over de doorvoer van gegevens naar de VS. Het voorstel doet te weinig om massale en ongerichte surveillance op Europese burgers te voorkomen, meldt Ars Technica van een persconferentie in Brussel van de Artikel 29 Werkgroep met alle toezichthouders. Overigens wordt het nieuwe verdrag wel een verbetering genoemd ten opzichte van Safe Harbour. De werkgroep verwacht een vonnis van het Europees Hof van Justit

EUROPE 3 FEB 2016

EU regulators to hold off enforcing data transfers ruling

EU data protection regulators said they will hold off enforcing the court ruling ending the US's 'safe harbour' status, while they evaluate the new agreement between the EU and US on trans-Atlantic data transfers. Businesses transferring personal data from the EU to the US can continue to resort to standard contractual clauses and binding corporate rules in order to ensure compliance with EU data protection rules. The Article 29 group called on the European Commission to ensure it has all the necessary docu

EUROPE 2 FEB 2016

EU, US agree new 'privacy shield' for data transfers

The European Union and the US have agreed on a new framework for protecting the privacy of personal data passed by companies between the two territories, the European Commission announced. To be known as the EU-US Privacy Shield, the agreement comes on the deadline of 02 February set by EU privacy regulators to reach an agreement. The new arrangement will provide stronger obligations on companies in the US to protect the personal data of Europeans and stronger monitoring and enforcement by the US Department

EUROPE 16 DEC 2015

EU reaches compromise on data protection directive

The European Council and Parliament have reached a compromise agreement on the new data protection directive, following three years of debate. Designed to replace the existing data protection directive from 1995, the new law aims to give consumers greater control over how their personal data is used, especially online. It also extends EU regulations to businesses based outside the region and handling data on EU residents. The legislation includes the General Data Protection Regulation, covering personal dat

Just In

19 DEC 16:42

SLT-Mobitel launches 5G network in Sri Lanka

19 DEC 16:19

Dialog Axiata launches 5G network, connects 1.5 million subscribers

19 DEC 15:56

UK govt to ban AI-enabled nudification apps to protect women, girls

19 DEC 15:42

3 UK launches last-minute Christmas sale

Commentary

13:56

Video market set for slower growth ahead

11:38

Netflix buys Warner Bros to deepen content catalogue

11:11

KPN's mixed performance in Q3 raises questions for strategy day

15:26

Stock markets breaking records but what happened to Odido's IPO plans?

Background

01:04

The week in telecom: Wi-Fi bolt-ons take off to boost broadband growth, video market works on consolidation

01:39

The week in telecom: Netflix wins bidding for Warner Bros, Apple poaches new execs, Samsung debuts trifold

13:51

Proximus vs. Telenet: Proximus performs better in Q3 while Telenet uses up cash

14:16

Proximus Domestic still struggling with low margins

Complete profile

Before downloading the whitepaper, we would like to ask you to complete your profile with company and position. After confirming you will receive the white paper.