Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
July 8 — The European Commission July 12 will finalize the European Union-U.S. Privacy Shield data transfer agreement, after a regulatory committee of EU countries July 8 cleared the arrangement.
Thousands of companies in the U.S. and EU have been holding their breathes for the approval of the mechanism to allow easier transfer of personal data to the U.S. But they may not be able to safely exhale yet, as the exact text of the document approved by the Article 31 committee wasn't released by the commission. The commission declined to disclose the latest version of the Privacy Shield text to Bloomberg BNA and said it would be issued when the decision is finalized July 12.
The Privacy Shield is a replacement for the invalidated U.S.-EU Safe Harbor program that was relied on by over 4,400 U.S. companies and tens of thousands of EU companies to legally transfer data to the U.S. Edward Snowden's disclosures about the scope of surveillance by the U.S. National Security Agency prompted EU concerns that the privacy of data transferred to the U.S. wouldn't be protected.
Although the Privacy Shield has made it past its penultimate step in the approval process, it was unclear to what extent the text approved by the Art. 31 committee has changed since the commission published it in draft form Feb. 29 .
The Feb. 29 version of Privacy Shield was amended, with further privacy guarantees from the U.S. authorities, after it was criticized by the Article 29 Working Party of EU privacy officials, the European Data Protection Supervisor and the European Parliament (15 PVLR 825, 4/18/16).
The Privacy Shield was approved by the Art. 31 panel “to nobody's surprise,” Peter Van Dyck, a senior associate with Allen & Overy LLP in Brussels told Bloomberg BNA. It is likely that “nothing fundamental has changed” in the text of the Privacy Shield approved by the committee as compared to the Feb. 29 version, he said.
If there haven't been some changes, it may leave the Privacy Shield open to legal challenge and there is a “good chance Privacy Shield doesn't withstand the test,” Van Dyck said.
Vera Jourová, the European Commissioner for Justice, Consumers and Gender Equality, and U.S. Commerce Secretary Penny Pritzker will sign the final agreement after it receives commission approval.
Van Dyck said the Art. 31 approval of Privacy Shield is a “pragmatic decision” because companies faced great uncertainty in the wake of the invalidation of Safe Harbor and wanted to be able to easily and lawfully transfer personal data to the U.S.
Privacy Shield will be a self-certification framework under which companies agree to abide by EU-equivalent data protection safeguards when transferring the data of EU citizens to the U.S.
When the European Court of Justice—the EU's top court— (14 PVLR 1825, 10/12/15) invalidated the predecessor Safe Harbor in October 2015, it said the program didn't offer sufficient redress opportunities for privacy violations or safeguards against government surveillance of data.
The Privacy Shield arrangement is backed up by an amended U.S. Privacy Act with a redress provision for EU citizens and enforcement mechanisms that allow EU citizens to seek rectification of alleged privacy infringements in the U.S. (15 PVLR 445, 2/29/16). The Privacy Shield also allows individuals to refer any complaints about undue surveillance of data by U.S. authorities to an ombudsman established in the U.S. State Department.
But if Privacy Shield is challenged in the courts on a similar basis to the challenge against Safe Harbor, it may mean “some level of uncertainty” about how long Privacy Shield will last, Van Dyck said.
The commission said in a July 8 statement that the Privacy Shield is “fundamentally different from the old Safe Harbor,” because it “imposes clear and strong obligations on companies handling the data and makes sure that these rules are followed and enforced in practice.”
The U.S. had given the EU “written assurance that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms, and has ruled out indiscriminate mass surveillance of European citizens' data,” the commission said.
DIGITALEUROPE, an association of information technology and consumer electronics companies, said in a July 8 statement that concerns raised about the commission's Feb. 29 draft Privacy Shield decision had been addressed, and Privacy Shield now “offers greater clarity on data retention, strengthened obligations for onward transfers of data to third countries,” and “assurances on bulk collection” of data by authorities.
DIGITALEUROPE Director General John Higgins said that companies were “ready to implement the new framework and meet the compliance challenge that the strengthened provisions demand.”
The Art. 29 Party said July 1 that it would “conduct a coordinated analysis” of Privacy Shield after it is adopted by the commission.
Van Dyck said that the Art. 29 Working Party's view on the approved Privacy Shield may influence the likelihood of a future court challenge against it, with a court challenge more likely if the privacy officials are “as critical as they were in the past.”
To contact the reporter on this story: Stephen Gardner in Brussels at email@example.com
To contact the editor responsible for this story: Donald G. Aplin at firstname.lastname@example.org
Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)