EU regulators cautiously endorse US data pact
-
Companies will be able to sign up to Privacy Shield starting on 1 August (Photo: Nicolas Nova)
EU privacy regulators on Tuesday (26 July) endorsed a new self-certifying US data transfer pact but highlighted a number of outstanding issues.
The so-called Privacy Shield allows companies to transfer the data of EU citizens to servers based in the United States.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
The transatlantic trade is worth billions for firms but ran into problems following revelations of US-led mass surveillance on EU citizens three years ago.
The new pact replaces the Safe Harbour agreement, which was invalidated by the European Court of Justice last October.
Isabelle Falque-Pierrotin, who chairs the group of 28 EU data protection authorities, said the new Shield has made improvements compared to Safe Harbour.
“On several points, the final decision answers to what we asked for, both on the commercial side and on the public-security side,” she is quoting as saying in the Wall Street Journal, a US daily.
Falque-Pierrotin had in April warned the draft agreement would still allow for US bulk collection of data.
The European Commission then put forward a revised proposal along with their US counterparts before rubber stamping the agreement earlier this month.
But the data authorities, in a statement issued on Tuesday, said US authorities still have not provided any "concrete assurances" to prevent mass and indiscriminate collection of personal data.
It also questioned the powers and independence of the US ombudsman charged with handling complaints from EU citizens.
Falque-Pierrotin said the regulators would review the agreement next summer.
"If the situation is considered as OK at the first annual review, on the public security side, it is going to have an impact also on the other transfer tools by reaffirming their legal robustness," she told the Reuters news agency.
Brussels-based DigitalEurope, which represents the digital technology industry in Europe, said the annual review would help reveal weaknesses.
"We agree that the annual review will be a vital point to determine whether the safeguards are effective and make tweaks if necessary," said DigitalEurope's director general John Higgens in a statement.
Tech companies have been using other more costly and more complex data transfer schemes since Safe Harbour's demise. They will now be able to sign up to Privacy Shield in start of August.
But Shield's future may run into trouble as privacy activists gear up to challenge it in the courts.