EU-US data pact faces first major test of credibility
BRUSSELS: A pact underpinning billions of dollars of transatlantic data transfers will undergo its first annual review on Monday, with Europe seeking to ensure Washington has lived up to its promises to protect the data of European citizens stored on US servers.
Feted as a milestone in transatlantic relations, which had soured after revelations of mass US surveillance four years ago, the EU-US Privacy Shield data pact has been in place for just over a year.
It was hammered out after the EU’s top court struck down a previous data transfer pact in 2015 because it allowed US spies excessive access to people’s data, plunging everyday cross-border data transfers into legal limbo.
However, it is already subject to two legal challenges in European courts on the grounds that it does not offer adequate privacy protections for European citizens’ data, and EU data protection watchdogs have also expressed misgivings.
The first annual review taking place on Monday and Tuesday will be an opportunity for the European Commission, which negotiated the Privacy Shield, to ensure it is functioning well and that the US administration is keeping its part of the deal.
“My expectation is that we will find Privacy Shield functioning, we might find some space or room for improvement,” Vera Jourova, EU Justice Commissioner, told Reuters in an interview.
The Privacy Shield seeks to strengthen the protection of Europeans whose data is moved to US servers by giving EU citizens greater means to seek redress in case of disputes, including through a new privacy ombudsman within the State Department who will deal with complaints from EU citizens about US spying.
However a new ombudsman has not been appointed under the new US administration, something Jourova said she will push for.
Companies wanting to transfer Europeans’ personal data outside the bloc have to comply with tough EU data protection rules which forbid them from transferring personal data to countries deemed to have inadequate privacy protections unless they have special legal contracts in place.
The Privacy Shield allows firms to move data across the Atlantic without relying on such contracts, known as model clauses, which are more cumbersome and expensive.