View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cloud
April 11, 2016updated 05 Sep 2016 11:29am

Leaked document reveals EU national data regulators may oppose Commission’s Privacy Shield decision

News: Regulators express concern that the decision does not provide equivalent protection to within the EU.

By Alexander Sword

A document leaked online regarding the ongoing Privacy Shield data protection negotiations between the US and the EU, suggests that European authorities might not back the decision.

A document posted on the website of the State Commissioner for Data Protection of Baden-Württemberg indicates that the Article 29 Data Protection Working Party (WP29) may not approve the European Commission’s proposed decisions on the transfer of data to the US.

Appearing to be from a draft document, the text posted on the website of Dr. Carlo Piltz, a lawyer and privacy expert, said that "the WP29 is not yet in a position to confirm that the current draft adequacy decision does, indeed, ensure a level of protection that is essentially equivalent to that in the EU."

The WP29 is composed of national representatives from EU countries and representatives from EU institutions. Its decision is not binding, meaning that the European Commission may simply go ahead with the decision anyway.

Plitz wrote in a blog that for this reason, the DPAs include in their mandate for the German representatives the demand that if this happens, the WP29 will support test cases and legal actions against the decision in order to get a hearing in the European Court of Justice.

This new agreement governing the transfer of data across the Atlantic will replace ‘Safe Harbor’. Last year, the European Court of Justice ruled that this was invalid, forcing the commission to start negotiations with the US on a renewed and safe framework on transfer of personal data.

It is required to meet the requirements identified in the court ruling, with respect to limitations and safeguards on access to personal data by the US public authorities.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The decision is of paramount importance to US companies which hold data from European customers, such as cloud providers.

"First and foremost, customers want certainty," said Mark Crosbie, Head of International Trust and Security at Dropbox, speaking to CBR about the Privacy Shield negotiations at the end of March.

"They want to know if they’re doing business with an American company whether they’re on a sound footing with compliance."

Crosbie said: "There are various steps that companies can take, including model contract clauses, where we can provide either legal instruments or technical solutions to people who are concerned about what it means as a European company to use US cloud services.

"You’re going to see more and more attention paid to this by cloud providers; they can’t dismiss it as a European issue any more. This is a global issue and the changes that you need to make in your product are going to be driven by changes on both sides of the Atlantic that will have global ripple effects."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.