View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Transatlantic data transfer hits obstacle as EU data protection watchdogs reject Privacy Shield

News: Is Privacy Shield enough of a step up in privacy from Safe Harbour?

By Alexander Sword

The Privacy Shield agreement governing data transfers between the EU and US received a significant blow this week as the European Data Protection Supervisor (EDPS) rejected it in its current form.

Giovanni Buttarelli said that the Privacy Shield agreement as it stands is "not robust enough to withstand future legal scrutiny before the Court."

The EDPS added that "significant improvements" would be needed to respect key data protection principles.

In particular, these were "necessity, proportionality and redress mechanisms."

He added that it was time to develop a longer term solution in the transatlantic dialogue.

The EDPS’s opinion was published as part of his duty as an "independent advisor to the EU institutions" on data protection matters. This means that while his opinion may be taken on board it will not be enough to scupper the deal.

Buttarelli adds his criticism to those voiced by the Article 29 Data Protection Working Party, which recommended revisions to a number of points in the proposed agreements.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Their concerns included the complexity of the agreement and the lack of a mechanism to deal with the introduction of the General Data Protection Regulation in 2018.

Their main criticism was over the indiscriminate bulk collection of EU citizens and whether enough privacy would be guaranteed by the agreement.

Privacy Shield is the new framework for data sharing between the EU and US that is being negotiated after the previous Safe Harbour framework was ruled to be invalid by the Court of Justice of the European Union in October 2015, since it was seen as not providing a sufficient level of data priotection for personal data transferred by companies from the EU to the U.S..

The new proposed agreement was first published in February 2016.

It is important to note that the agreement only covers data exchange for commercial purposes. Transfers for law enforcement purposes are covered by the EU-U.S. Umbrella Agreement.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.