The data-sharing agreement could be put on hold from 1 September if the Trump administration continues to delay compliance
The European Commission has said the EU’s Privacy Shield data-sharing agreement with the US could be suspended in a few weeks’ time if the current US administration continues to delay full compliance with its terms.
The Commission’s comments follow the approval by the European Parliament’s Civil Liberties Committee of a June resolution calling for Privacy Shield to be suspended if the US doesn’t comply by 1 September.
MEPs said the deal should remain suspended until full compliance by the US administration, adding that the Facebook and Cambridge Analytica data scandal underscores the need for better monitoring of the agreement.
Both Facebook and the now defunct political consultancy are accredited under Privacy Shield, but the allegedly improper use of 87 million citizens’ data took place before Privacy Shield took effect in 2016.
EU commissioner for justice Vera Jourova has written to US commerce secretary Wilbur Ross to demand progress on the US administration’s appointment of senior personnel to oversee Privacy Shield, which was agreed under the Obama administration.
The deal is used by more than 3,350 US and EU companies for the free transfer of information across the Atlantic, and was put into place in 2016 after the European Court of Justice struck down a previous arrangement.
The court invalidated 2000’s Safe Harbour agreement over concerns that it was making Europeans’ personal data subject to mass collection and analysis by US intelligence agencies.
Privacy Shield was specifically set up to ensure such surveillance didn’t take place, but the Trump administration has criticised European privacy laws such as the new GDPR and has failed to appoint a senior ombudsman to handle complaints from EU citizens.
Jourova’s 26 July letter demands progress on the matter ahead of an October visit to Brussels by Ross that month.
“Now that the new state secretary is in office and we are almost two years into the term of this administration, the European stakeholders find little reason for the delay in the nomination of a political appointee for this position,” Jourova wrote, according to several reports.
If Privacy Shield were suspended it could mean chaos for the thousands of companies who rely on it, forcing them to find an alternative legal basis for their mass data transfers.
Tensions are currently on the rise between the EU and the US, with Trump threatening new trade barriers and criticising a record 4.3bn euro (£3.83bn) fine levied on Google by the European Commission.
The Privacy Shield crisis also comes amidst the ongoing furore around the Facebook and Cambridge Analytica scandal, which the EU estimates involved the data of 2.7m European citizens.
Jourova told the Financial Times the scandal was a “typical case for the enhanced due diligence provided by the Privacy Shield”, while also being “big enough to attract the attention of US authorities”.
Privacy Shield is due for its second annual review by the European Commission in October. The EU has the power to unilaterally revoke the deal if it finds the US isn’t meeting adequate data privacy standards.
The agreement has been criticised since its introduction as inadequate, notably by EU data protection authorities, and is also being challenged by privacy attorney Max Schrems.