EU watchdogs demand changes in US data transfer deal for lack of protection
The US-EU Privacy Shield pact designed to replace its predecessor, the Safe Harbor system, and already agreed upon, has left the European privacy regulators unsatisfied.
The agreement should provide more evidence that US surveillance activities are not in place anymore as long as more independence is given to a new US privacy public defender, the regulators said on Wednesday.
The efficiency and independence of the US ombudsman who will respond to EU complaints regarding privacy infringements has also failed to inspire confidence.
“We don't have enough security guarantees in the status of the ombudsperson,” Falque-Pierrotin said.
The main area of concern is “the possibility that is left in the Shield for bulk collection which if massive and indiscriminate is not acceptable,” Isabelle Falque-Pierrotin, chair of the group of 28 data protection authorities, said, according to Reuters.
Data protection regulators have called on the European Commission to reconsider the Privacy Shield pact in two years after a new data protection law is passed.
Although the opinion of the group is non-binding, the regulators are still responsible for the enforcement of data protection law inside the EU and it is under their jurisdiction to suspend some specific data transfers.
Unlike Safe Harbor, Privacy Shield provides a more thorough explanation of Europeans’ rights and outlines the ways of how to respect them, Falque-Pierrotin noted.
The Privacy Shield will let companies including software giants such as Microsoft, Facebook and Google send Europeans’ data all the way to the US offices by committing to EU data protection standards and thus avoiding the EU ban on taking personal information outside the 28 nation bloc.
The pact agreed on in February after two years of talks was drawn up by the Commission and US negotiators after the milestone ruling of the Court of Justice that found Safe Harbor was compromising to the essential European right to privacy.
The companies move data to the US by establishing contracts and rules stipulating privacy protection between groups. EU legislation prohibits the transfer of personal information to countries with lower levels of privacy protection unless such a contract is in force.