View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Data
August 30, 2018

Deadline Looms for “Privacy Shield” Data Transfer Demands

"No effective control over whether certified companies actually comply with the Privacy Shield provisions."

By CBR Staff Writer

A resolution issued by the European Parliament in July, which calls on the European Commission to suspend the EU – US Privacy Shield data transfer agreement, is days away from its September 1 deadline.

The parliament says the deal – a replacement for the Safe Harbor regime, which was struck down by the EU Court of Justice (“CJEU”) in 2015 – does not procure adequate personal data protection for EU citizens.

As one passage of the resolution puts it: “A number of concerns remain regarding both the commercial aspects and the access by US public authorities to data transferred from the EU… [including] the lack of concrete assurances of not conducting mass and indiscriminate collection of personal data (bulk collection).”

See also: UPDATED: Irish High Court Warns of “Potentially Grave Prejudice” in Landmark Facebook Ruling

The parliamentarians further raised commercial concerns, saying they are concerned by the fact that the Department of Commerce “has not made use of the possibility provided in the Privacy Shield to request copies of the contractual terms used by certified companies in their contracts with third parties to ensure compliance”.

They added: “There is no effective control over whether certified companies actually comply with the Privacy Shield provisions.”

See also: New “100% UK Sovereign” UKCloud Service Takes Pot Shot at US CLOUD Act

The 2015 judgement by the court was the culmination of a 2013 legal challenge by European privacy campaigner Max Schrems. His campaign continues

As law firm Loyens & Loeff puts it however: “Not the European Parliament, but only the European Commission has the power to suspend or revise the Privacy Shield framework, notwithstanding the power of the EU Court of Justice to invalidate the European Commission’s decisions.”

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Apple rolls out privacy features ahead of GDPR

Apple’s updates ensure users have control of their own privacy.

The European firm’s Florence D’Ath and Véronique Hoffeld added: “While the Resolution of the European Parliament is not binding on the European Commission (or on the CJEU), it is definitely a strong political signal. With, on top of this, a case for the invalidation of the Privacy Shield (initiated by Max Schrems) currently pending before the CJEU, the future of the Privacy Shield does not look very bright.”

Cancelling the Privacy Shield would affect somewhere in the region of 3,400 companies who have self-certified as compliant with its requirements. As solicitor Jocelyn Paulley puts it in a recent whitepaper: “They would have to either freeze data flows, or look to the alternative models to transfer data such as the EU Commission-approved model clauses or putting in place Binding Corporate Rules.”

The European Parliament’s deadline is likely to pass with more of a whimper than a bang, but the issue, meanwhile, is not going anywhere; certainly not while the Irish courtroom battle between privacy activist Max Schrems and Facebook continues.

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.