The new ‘Privacy Shield’ data sharing agreement between the United States and European Union may not be adequate, according to leaked documents from key data protection watchdogs.

The transatlantic Safe Harbour 2.0 agreement (or EU-US Privacy Shield) was finally agreed in early February to replace the previous Safe Harbour legislation that was ruled invalid by a European court on 6 October last year.

Not Adequate

After much wrangling and worry, the new agreement was thrashed out between EU and American officials.

But leaked extracts seem to suggest that key European data regulators have their doubts about the new deal, and will not support it in its current form.

The blog of a lawyer and privacy expert Dr. Carlo Piltz first spotted the leaked PDF extract after the German Data Protection Authorities (DPAs) met to discuss several current privacy topics.

These DPAs provided a hyperlink to a PDF file (since deleted) containing the initial assessment of the agreement by the European Data Protection Authorities (the so called “Article 29 Working Party”).

Back in February the WP29 said they would take a couple of months to examine the new data sharing agreement.

“Until these issues are addressed, the WP29 considers it is not in a position to reach an overall conclusion on the draft adequacy decision,” the extract states.

It stresses that some of the clarifications and concerns – in particular relating to national security – may also impact the viability of the other transfer tools.

“Therefore, the WP29 is not yet in a position to confirm that the current draft adequacy decision does, indeed, ensure a level of protection that is essentially equivalent to that in the EU,” it concludes.

Potential Impact

This is a very serious conclusion indeed, as it suggests the new agreement does not meet current European data protection levels, and therefore the new data sharing agreement will not stand up to a legal challenge in the courts.

This could potentially pose yet more uncertainties for businesses, especially since they could potentially face legal action over the matter.

It should be noted that although WP29 only issues recommendations, it is influential as its members enforce data protection across Europe, and the European Commission has asked for its expert guidance on the new pact.

The group is expected to reach a conclusion by the end of April, but WP29 is known to have concerns about the legality of transfer mechanisms, in light of US intelligence agencies’ access to European citizens’ data.

“These excerpts show that the European Data Protection Authorities are not able to okay the draft adequacy decision by the European Commission,” blogged Berlin-based Dr. Piltz.

But he noted that the opinion of WP29 is not legally binding and “a result would not necessarily stop the whole the EU-US Privacy Shield from becoming effective.”

What do you know about privacy? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Twitter To Hide Tweets That Share False Information During A Crisis

Potentially risking Elon's wrath over free speech, Twitter says it will hide tweets spreading misinformation…

12 hours ago

Boeing Starliner Test Flight Readied For Tonight

Third time the charm? Main rival to SpaceX's Dragon capsule, the embattled Boeing Starliner spacecraft,…

14 hours ago

September 13 Slated For iPhone 14 Launch – Report

No surprise there. Apple is slated to launch the iPhone 14 on 13 September according…

16 hours ago

Texas Social Media Law Battle Heads To Supreme Court

Battle between Texas and social networking giants reaches US Supreme Court, and it could decide…

17 hours ago

UK Can Legally Launch Cyberattacks Against Hostile Nations, Says AG

Chief legal advisor to government says UK can legally launch cyberattacks against hostile nations, and…

21 hours ago