Privacy Engine
The PrivacyEngine Team
According to several news reports, the EU Commission has sent a revised draft of the Privacy Shield adequacy decision to the Article 31 Committee. The EU, therefore, looks set to approve the much-delayed and criticised agreement after several months of controversy and negotiation.
The Committee was established by Article 31 of Directive 95/46/EC and is comprised of representatives of the Member States who cooperate in taking decisions whenever Member States' approval is required under the Directive. Mid-level diplomats who sit on the Committee have the power of veto over the whole Privacy Shield agreement. They concluded in April that more time was needed to consider the implications of the proposal at hand, and that exceptions contained in the proposed framework to permit the US authorities to carry out mass surveillance of EU citizens were "not acceptable." This decision was reached following the recommendations of the Article 29 Data Protection Working Party which claimed that further changes needed to be made to the agreement before it could be viewed as fully adequate under EU data protection laws. These recommendations were later supported by the European Data Protection Supervisor, who stated that Privacy Shield in its current guise would not be capable of withstanding future legal scrutiny and would be destined to suffer the same fate as its predecessor; ‘Safe Harbor’.
The Privacy Shield agreement is seen as critical in giving international companies some level of certainty and security when transferring the personal data of EU citizens to the US. The voluntary Safe Harbor scheme was initially created because the US doesn't meet the EU’s adequacy standards. However, since Safe Harbor was abolished by the European Court of Justice last October, businesses have been in legal limbo and forced to rely on temporary ‘Model Contracts’ to safeguard the transfer of data to the US.
Nevertheless, it is now clear that European data protection authorities and the European Parliament will not approve a weak proposal regardless of the disruption that may be caused. Complicating matters further still for Irish and European business is the after-effects of the Brexit vote as UK may now be forced to establish its own Privacy Shield-style agreement with the US.
We’ve got more coming…
Want to hear from us when we add new articles? Sign up for our newsletter and we'll email you every time we release a new article, as well as other resources.
