Keep up with the latest developments and legal issues in the telecommunications and emerging technology sectors, with exclusive access to a comprehensive collection of telecommunications law news,...
March 1 — Much is riding on a crucial opinion on the legality of a new European Union to U.S. data transfer mechanism that EU privacy regulators said will be released in mid-April.
In a statement dated Feb. 29 but published March 1, the Article 29 Working Party of data protection officials from the 28 EU member states will issue at a plenary meeting April 12-13 its opinion on the European Commission's draft adequacy decision on the EU-U.S. Privacy Shield transatlantic data transfer arrangement.
The opinion is significant because it will influence the finalization of the adequacy decision. A commission official who asked not to be named told Bloomberg BNA March 1 that the Art. 29 opinion was “not legally binding, but they are important players.”
The Working Party said it welcomed the draft adequacy decision, and would assess it to “analyze the safeguards provided for in the arrangement on both the commercial aspects and the limitations for national security, public interests and law enforcement purposes.”
The European Commission, the EU's executive arm, published the draft adequacy decision Feb. 29, finding that the EU-U.S. Privacy Shield arrangement should be considered adequate to protect the privacy of EU citizens whose data is transferred to the U.S. by companies that self-certify under the Privacy Shield .
The Privacy Shield is the replacement transfer mechanism for the U.S.-EU Safe Harbor program, under which thousands of U.S. companies and their EU partners relied on as their legal cover for data transfers to the U.S. The European Court of Justice invalidated Safe Harbor in October 2015 on the basis that is did not sufficiently protect the privacy rights of EU data subjects.
The commission official said that the Art. 29 opinion would be considered by a regulatory committee of EU member state representatives, which must approve the Privacy Shield adequacy decision by a qualified majority in order for the commission to finalize and adopt it.
There has been no date set for the regulatory committee vote, and the finalization of the Privacy Shield decision would likely be “a question of months,” the commission official said.
Certification under the Privacy Shield would require companies to demonstrate that they comply with seven data protection principles that summarize EU data protection law, according to the commission's draft adequacy decision.
To contact the reporter on this story: Stephen Gardner in Brussels at email@example.com
To contact the editor responsible for this story: Donald G. Aplin at firstname.lastname@example.org
Notify me when updates are available (No standing order will be created).
Put me on standing order
Notify me when new releases are available (no standing order will be created)