Categories: CloudDatacentre

EU Watchdog: EU-US Privacy Shield Is ‘Not Robust Enough’

A European data protection watchdog has said that the recently published EU-US Privacy Shield agreement needs “significant improvements”, suggesting the deal had been put into place hurriedly and would not hold up to future legal scrutiny.

“It’s time to develop a longer-term solution in the transatlantic dialogue,” said Giovanni Buttarelli, the European data protection supervisor (EDPS), in an official opinion.

Safe Harbour 2.0

The EU-US Privacy Shield, announced in February, is intended to replace a previous agreement known as Safe Harbour that had been in place since 2000.

That deal was revoked in October of last year by the European Court of Justice (ECJ) amid concerns that US intelligence agencies were routinely conducting mass data collection on EU citizens via data held by US companies and transferred under the terms of Safe Harbour.

Buttarelli argued the new agreement would be unlikely to withstand similar legal challenges.

“The Privacy Shield as it stands is not robust enough to withstand future legal scrutiny before the Court,” he stated. “Significant improvements are needed… to respect the essence of key data protection principles with particular regard to necessity, proportionality and redress mechanisms.”

EU law prohibits companies operating in the region to transfer data to countries that don’t provide data protections equivalent to those in Europe.

Privacy protections

The Privacy Shield is intended to create such equivalence in practice by introducing an ombudsman in the US to handle complaints from EU citizens and written commitments from US intelligence authorities protecting Europeans’ data from mass surveillance.

The deal also involves an annual assessment designed to address any problems that may have arisen.

But Butarelli pointed out that tougher data-protection rules are coming into effect in Europe under the General Data Protection Regulation (GDPR) and argued the Privacy Shield would be unable to withstand challenges under those statutes, adding that legislators should “take their time in finding an adequate, long-term solution”.

The EDPS’ comments mirror concerns about the EU-US Privacy Shield expressed in an April opinion by the Article 29 Working Party on data protection, to which the EDPS contributed as a member.

The deal is due to be ratified in June.

How much do you know about the cloud? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Malicious Online Ad Campaign Steals User Logins

'Magnat' malicious advertising campaign uncovered by Cisco Talos has been stealing login credentials and other…

23 hours ago

Waymo, Nuro Launch Robo-Delivery Services In California

Cruise starts robo-delivery service in Mountain View as Waymo plans limited trial of grocery-delivery service…

24 hours ago

NSO Spyware ‘Used To Hack US Diplomats’

Apple alerts employees of US State Department of hacking by NSO Group's controversial Pegasus spyware…

1 day ago

Starlink Plans Services In India As SpaceX Breaks Launch Record

Starlink to apply for commercial licence to provide satellite broadband services in India, as parent…

1 day ago

Musk Tesla Share Sale Surpasses $10bn

Elon Musk's Tesla share sell-off surpasses $10 billion as it reaches into fourth consecutive week,…

1 day ago

Uber To Pay $9m Settlement Over Safety Reporting Failure

Uber agrees to pay $9 million to settle dispute with California regulators over its failure…

1 day ago