The new ‘Privacy Shield’ data sharing agreement between the United States and European Union may not be adequate, according to leaked documents from key data protection watchdogs.

The transatlantic Safe Harbour 2.0 agreement (or EU-US Privacy Shield) was finally agreed in early February to replace the previous Safe Harbour legislation that was ruled invalid by a European court on 6 October last year.

Not Adequate

After much wrangling and worry, the new agreement was thrashed out between EU and American officials.

But leaked extracts seem to suggest that key European data regulators have their doubts about the new deal, and will not support it in its current form.

The blog of a lawyer and privacy expert Dr. Carlo Piltz first spotted the leaked PDF extract after the German Data Protection Authorities (DPAs) met to discuss several current privacy topics.

These DPAs provided a hyperlink to a PDF file (since deleted) containing the initial assessment of the agreement by the European Data Protection Authorities (the so called “Article 29 Working Party”).

Back in February the WP29 said they would take a couple of months to examine the new data sharing agreement.

“Until these issues are addressed, the WP29 considers it is not in a position to reach an overall conclusion on the draft adequacy decision,” the extract states.

It stresses that some of the clarifications and concerns – in particular relating to national security – may also impact the viability of the other transfer tools.

“Therefore, the WP29 is not yet in a position to confirm that the current draft adequacy decision does, indeed, ensure a level of protection that is essentially equivalent to that in the EU,” it concludes.

Potential Impact

This is a very serious conclusion indeed, as it suggests the new agreement does not meet current European data protection levels, and therefore the new data sharing agreement will not stand up to a legal challenge in the courts.

This could potentially pose yet more uncertainties for businesses, especially since they could potentially face legal action over the matter.

It should be noted that although WP29 only issues recommendations, it is influential as its members enforce data protection across Europe, and the European Commission has asked for its expert guidance on the new pact.

The group is expected to reach a conclusion by the end of April, but WP29 is known to have concerns about the legality of transfer mechanisms, in light of US intelligence agencies’ access to European citizens’ data.

“These excerpts show that the European Data Protection Authorities are not able to okay the draft adequacy decision by the European Commission,” blogged Berlin-based Dr. Piltz.

But he noted that the opinion of WP29 is not legally binding and “a result would not necessarily stop the whole the EU-US Privacy Shield from becoming effective.”

What do you know about privacy? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Microsoft Executive Indicates Departmental Hiring Slowdown

Amid concern at the state of the global economy, a senior Microsoft executive tells staff…

2 days ago

Shareholders Sue Twitter, Elon Musk For Stock ‘Manipulation’

Disgruntled shareholders are now suing both Twitter and Elon Musk, over volatile share price swings…

2 days ago

Google Faces Second UK Probe Over Ad Practices

UK's competition watchdog launches second investigation of Google's ad tech practices, and whether it may…

2 days ago

Elon Musk Raises His Contribution To Twitter Acquisition

But one of Elon Musk's biggest backers on the Twitter board has tendered his resignation…

3 days ago

Broadcom Confirms VMware Acquisition For $61 Billion

Entry into cloud infrastructure software for US chip firm Broadcom after it confirms reports it…

3 days ago