EU regulators cautiously endorse US data pact
EU privacy regulators on Tuesday (26 July) endorsed a new self-certifying US data transfer pact but highlighted a number of outstanding issues.
The so-called Privacy Shield allows companies to transfer the data of EU citizens to servers based in the United States.
Dear EUobserver reader
Subscribe now for unrestricted access to EUobserver.
Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.
- Unlimited access on desktop and mobile
- All premium articles, analysis, commentary and investigations
- EUobserver archives
EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.
♡ We value your support.
If you already have an account click here to login.
The transatlantic trade is worth billions for firms but ran into problems following revelations of US-led mass surveillance on EU citizens three years ago.
The new pact replaces the Safe Harbour agreement, which was invalidated by the European Court of Justice last October.
Isabelle Falque-Pierrotin, who chairs the group of 28 EU data protection authorities, said the new Shield has made improvements compared to Safe Harbour.
“On several points, the final decision answers to what we asked for, both on the commercial side and on the public-security side,” she is quoting as saying in the Wall Street Journal, a US daily.
Falque-Pierrotin had in April warned the draft agreement would still allow for US bulk collection of data.
The European Commission then put forward a revised proposal along with their US counterparts before rubber stamping the agreement earlier this month.
But the data authorities, in a statement issued on Tuesday, said US authorities still have not provided any "concrete assurances" to prevent mass and indiscriminate collection of personal data.
It also questioned the powers and independence of the US ombudsman charged with handling complaints from EU citizens.
Falque-Pierrotin said the regulators would review the agreement next summer.
"If the situation is considered as OK at the first annual review, on the public security side, it is going to have an impact also on the other transfer tools by reaffirming their legal robustness," she told the Reuters news agency.
Brussels-based DigitalEurope, which represents the digital technology industry in Europe, said the annual review would help reveal weaknesses.
"We agree that the annual review will be a vital point to determine whether the safeguards are effective and make tweaks if necessary," said DigitalEurope's director general John Higgens in a statement.
Tech companies have been using other more costly and more complex data transfer schemes since Safe Harbour's demise. They will now be able to sign up to Privacy Shield in start of August.
But Shield's future may run into trouble as privacy activists gear up to challenge it in the courts.