Data and securityCyber SecurityRegulators reject EU-US Privacy Shield deal

Regulators reject EU-US Privacy Shield deal

Data regulators that make up the Article 29 working group have criticised the Privacy Shield safe harbour revamp proposed by the European Commission.

Data regulators that make up the Article 29 working group have criticised the Privacy Shield safe harbour revamp proposed by the European Commission.

Criticism surrounds the lack of surveillance protection from the US government for EU citizens’ data. Article 29 is also concerned about the strength and independence of the US ombudsman, which will deal with European complaints.

 

Indiscriminate data collection

The EU-US Privacy Shield was agreed in February after two years of negotiations. The agreement should allow companies to transfer EU citizens’ data for processing or storage within the US, replacing the previous agreement that was invalidated by the European court of justice after it ruled the agreement did not have “adequate” privacy protections inline with those of the EU.

The Privacy Shield limits what the US government can and can’t do with data across six purposes such as counterterrorism and cybersecurity.

Paul Breitbarth, representing the working party, said: “We think the limits are still very broadly defined and can’t count as targeted data collection, so for us it’s still indiscriminate and mass data collection.”

 

Not legally binding

The Article 29 Working Party’s opinion is not binding on the European Commission, but it is highly influential and reports suggest that rejection of the Privacy Shield would almost certainly lead to a legal challenge, meaning the whole process would be back to square one.

In its formal response the influential group did appear to leave the door ajar for the agreement, suggesting that it will wait to see the result of two related reviews: one by the Article 31 Committee – whose recommendations are binding – and another by the ECJ over the legality of the UK’s surveillance efforts by listening post GCHQ.

These, along with the revised EU data protection rules expected soon, which may impact the legality of Privacy Shield, mean the matter is likely to rumble on.

Related Articles

Making the cloud a safe space

Cloud Computing Making the cloud a safe space

4d Guest Writer
Leading cyberlaw academic calls for review of CCTV and AFR implementation

Cyber Security Leading cyberlaw academic calls for review of CCTV and AFR implementation

1w Austin Clark
Government security analysts 'at risk of being overwhelmed by attacks'

Cyber Security Government security analysts 'at risk of being overwhelmed by attacks'

2w Austin Clark
DCMS proposes new cyber security council in latest consultation

Cyber Security DCMS proposes new cyber security council in latest consultation

3w Austin Clark
Securing unified communications – securing countries and citizens

Cyber Security Securing unified communications – securing countries and citizens

3w Guest Writer
IoT security: a barrier to deployment?

Cyber Security IoT security: a barrier to deployment?

3w Guest Writer
Cyber matters – now not later

Cyber Security Cyber matters – now not later

4w Guest Writer
Housing associations collaborate around cyber awareness

Cyber Security Housing associations collaborate around cyber awareness

4w Austin Clark