PRIVACY SHIELD FACES FIRST REVIEW
EU wants to ensure US has kept promises to protect citizens’ info on American servers
APACT underpinning billions of dollars of transatlantic data transfers will undergo its first annual review today, with Europe seeking to ensure Washington has lived up to its promises to protect the data of European citizens stored on American servers.
Feted as a milestone in transatlantic relations, which soured after revelations of mass United States surveillance four years ago, the EU-US Privacy Shield data pact has been in place for over a year.
It was hammered out after the European Union’s top court struck down a previous data transfer pact in 2015 because it allowed US spies excessive access to people’s data, plunging everyday cross-border data transfers into legal limbo.
However, it is already subject to two legal challenges in European courts on the grounds that it does not offer adequate privacy protections for European citizens’ data, and EU data protection watchdogs have also expressed misgivings.
The first annual review taking place today and tomorrow will be an opportunity for the European Commission, which negotiated the Privacy Shield, to ensure it is functioning well and that the US is keeping its part of the deal.
“My expectation is that we will find space for improvement,” said EU Justice Commissioner Vera Jourova.
Companies wanting to transfer Europeans’ personal data outside the bloc have to comply with EU data protection rules, which forbid them from transferring personal data to countries deemed to have inadequate privacy protections unless they have legal contracts in place.
The Privacy Shield allows firms to move data across the Atlantic without relying on such contracts, known as model clauses, which are more cumbersome and expensive.
Over 2,400 companies are signed up to the scheme, including Alphabet Inc’s Google, Facebook and Microsoft.
“Virtually every transaction in the trillion-euro transatlantic trade relationship, from the movement of services and capital to the movement of goods and people, heavily relies on the transfer of data between the EU and US,” said Thomas Boue, Director General, Policy, EMEA for BSA, which represents the likes of Apple, Microsoft and IBM.
The commission is also seeking to find out how many requests for people’s data companies had received from US authorities.
“The million dollar question was how many times they were asked by the national secret service,” said Jourova. “This is of big relevance for assessing whether Privacy Shield is successful.”
The commission will produce a report with its conclusions on the review of the Privacy Shield next month. Reuters