EU-US Privacy Shield Faces European Legal Challenge

Irish privacy campaign group files legal challenge, arguing Privacy Shield is not strong enough

Digital Rights Ireland (DRI), a digital rights lobbying and advocacy NGO, has reportedly launched a legal challenge to the European Commission’s Privacy Shield data framework, the replacement of the EU-US Safe Harbour deal that had been in place since 2000.

The campaign group argued that the replacement Privacy Shield, that came into force in July, does not contain adequate privacy protections, several people familiar with the matter were quoted by Reuters as saying.

Legal Challenge

Europe 3DRI has filed the challenge (case number T-670/16) with Europe’s second highest court, the Luxembourg-based General Court.

This is the lower court of the Court of Justice of the European Union or ECJ.

The case indicates it is an “action for annulment”, but it could take the European court a year or more before it rules on the case.

And it seems that the whole challenge could be thrown out and declared inadmissible if the court finds the Privacy Shield is not of direct concern to Digital Rights Ireland, two of the people told Reuters.

Digital Rights Ireland reportedly declined to comment on the matter.

“We are aware of the application (for annulment),” a spokesman for the European Commission reportedly said. “We don’t comment on ongoing court cases. As we have said from the beginning, the Commission is convinced that the Privacy Shield will live up to the requirements set out by the European Court of Justice (ECJ) which has been the basis for the negotiations.”

Long Journey

The need for a new data sharing agreement between the EU and the US came about after the decision last October by the ECJ to strike down the original data sharing (Safe Habour) deal with the United States that had lasted fifteen years.

That decision came on the back of the NSA spying activities as revealed by whistleblower Edward Snowden.

The replacement Privacy Shield did not experience an easy ride however. The United States and the European Union were forced to change it after an initial agreement submitted in February was rejected by European Watchdogs for not being robust enough.

The two sides then agreed to stricter rules for companies holding information on Europeans and clearer limits on US surveillance. And this reworked Privacy Shield agreement was then approved by EU member states and adopted in July.

It has already been adopted by technology giants such as Google, Microsoft and Facebook, among others.

After the Brexit vote, the Information Commissioner’s Office (ICO) said that future data protection regulations will have to be as strong as those afforded by the EU if the UK wants to continue trading with the bloc once it leaves.

How much do you know about the European Commission? Take our quiz!