Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
European regulators are approaching the Sept. 18 first annual review of the EU-U.S. Privacy Shield data transfer framework with pressing concerns over U.S. government surveillance and potentially indiscriminate processing of EU citizens’ personal information, privacy and security professionals told Bloomberg BNA.
The continuing functioning of the Privacy Shield is critical because nearly 2,500 U.S. companies and tens of thousands of EU companies rely on it to transfer data legally from the European Union to U.S. companies that self-certify to the U.S. Department of Commerce their compliance with EU privacy principles.
The review of the Privacy Shield will focus on U.S. compliance with its privacy commitments under the pact, the pros told Bloomberg BNA.
Among the concerns is that the automated processing of data once it gets to the U.S. may not fully protect privacy, Emerald de Leeuw, CEO of EuroComply Data Protection Technology in Dublin, told Bloomberg BNA.
EU regulators have expressed concern over “the lack of concrete assurances of not conducting mass and indiscriminate collection of personal data,” de Leeuw said.
EU regulators, too, want to know that the U.S. ombudsman office set up to accept individual privacy complaints is effective. Meanwhile, some EU lawmakers have expressed concern that President Donald Trump may not be fully committed to limitations on government surveillance of data transferred to the U.S.
The framework replaced a data transfer agreement that was invalidated by the EU’s top court, in part, over concerns that data transferred to the U.S. might be subject to government misuse. The U.S. and EU agreed to review the replacement Privacy Shield each year to assess how well new privacy protections are working.
Despite concerns, some are confident that the framework will pass its first review.
Robert Litt, of counsel in Morrison & Foerster LLP’s national security and global risk & crisis management practice, and a member of the Privacy Shield negotiating team when he was general counsel at the Office of the Director of National Intelligence, told Bloomberg BNA that the review “will confirm that the Privacy Shield is working as intended.”
The Privacy Shield agreement required the U.S. to appoint an ombudsman to whom individuals can refer any complaints about undue surveillance of data by U.S. authorities.
But the Trump administration hasn’t appointed a permanent ombudsman, something that doesn’t help create EU confidence that privacy is being protected, de Leeuw said. Moreover, the acting ombudsman is a government official, inherently raising concerns about independence, she said.
Some European officials have questioned the independence of the ombudsman. EU Justice Commissioner Vera Jourova, who is leading the EU Privacy Shield review delegation, has said the “independence and efficiency” of the U.S. ombudsman is crucial.
Justin Antonipillai, CEO of data privacy management company WireWheel.io, told Bloomberg BNA in a recent video interview that how U.S. companies deal with automated processing of personal data is of concern to EU officials. Antonipillai was the Commerce acting undersecretary who led the U.S. team that negotiated the Privacy Shield.
Automated processing of personal data raises high-risk privacy concerns under the EU’s new privacy regime, the EU General Data Protection Regulation, which is set to take effect in May 2018.
Some professionals are underwhelmed by the response of U.S. businesses to the Privacy Shield.
The safe harbor program, approved in 2000, had over 5,400 U.S. companies in its registry when Commerce closed it. Less than half that number have applied for Privacy Shield certification since it began taking applications in August 2016, de Leeuw said.
The “Privacy Shield was always going to be a band-aid solution after Safe Harbor was declared invalid,” de Leeuw said. Many companies haven’t found the Privacy Shield “worth their while to sign up,” he said, citing the application numbers.
Others say U.S. businesses are generally supportive of the Privacy Shield as a necessary mechanism to allow data transfers.
The Privacy Shield is proof of the “strong desire on both sides of the Atlantic to ensure privacy and innovation improve together,” Thomas Boue, director general for EMEA policy at BSA | TheSoftware Alliance, said in a Sept. 14 statement.
During its tenure, the Safe Harbor was criticized by EU privacy advocates who alleged the Federal Trade Commission, which didn’t publicize any Safe Harbor enforcement actions until 2009, didn’t do enough to ensure corporate compliance with privacy promises.
The FTC also has enforcement authority over the Privacy Shield. It recently reached settlements against three companies alleged to have falsely claimed Privacy Shield certification.
The Commerce Department didn’t immediately respond to a Bloomberg BNA email requesting comment.
To contact the editor responsible for this story: Donald Aplin at firstname.lastname@example.org
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)