Is the Privacy Shield on borrowed time?
Articles by the same author:
1
3
4
(by Army General (2S) Watin-Augouard, Founder of the FIC)
On October 18th and 19th, the second annual Privacy Shield assessment will be held. The discussions will unfold in a clearly less favorable context than when the Privacy Shield was created. This is reflected in the European Parliament’s resolution dated July 5th 2018, which called upon the Commission to suspend the Data Protection Shield until US authorities complied with the provisions of the agreement.
Let us recall that the Privacy Shield arose from the annulment by the European Union Court of Justice of the Commission’s 2000 / 520CE Decision dated July 26th 2000, which had concluded that the United States respected the Safe Harbor.
European judges considered that the conditions required to ensure an adequate level of protection for data transferred across the Atlantic were not respected. Following negotiations, the decision to implement (EU) 2016/1250 was adopted by the Council on July 12th 2016, after approval by the European Parliament. It took note of the adequate level of protection of personal data transferred from the EU to organizations in the United States under the EU-US Data Protection Shield. Thus the Privacy Shield replaced the Safe Harbor. The Privacy Shield was first revised in September 2017. Based on a report, the Commission considered on October 18th that « US authorities have set up the structures and procedures necessary to ensure the proper functioning of the shield data protection ». This glowing report was based in particular on the access to the new possibilities of taking legal action. However, European data protection authorities and independent bodies such as CNNum did not share this optimism.
The second revision, which is to begin shortly, will most likely be subject to more heated exchanges, considering the European Parliament’s position.
To justify in its resolution that the Data Protection Shield does not provide the adequate level of protection required by EU data protection law and the Charter of Fundamental Rights of the European Union, such as interpreted by the EU Court of Justice, the European Parliament makes several observations, among which:
For all these reasons, the Parliament is increasingly worried that the European Union Court of Justice could invalidate the Commission’s (EU) 2016/1250 on the Data Protection Shield.
This is the context in which the second review of the Privacy Shield will open on October 18th and 19th, 2018. On July 26th, Justice Commissioner Věra Jourová wrote to Wilbur Ross, US Secretary of Commerce, to voice her concerns about the American administration’s tardiness in implementing Privacy Shield measures. The consideration of RGPD measures will also be a subject of debate with US authorities.