European Data Protection Chiefs 'Welcome' Privacy Shield But Raise Concerns
The EU Article 29 Data Protection Working Party, which identified problems with the then-draft Privacy Shield three months ago (see 1604130002), said Tuesday it still has a "number of concerns" with the agreement, formally adopted by the European Commission two…
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
weeks ago (see 1607120001). But the group, composed of the national data protection chiefs, said in a news release that it "welcomes the improvements" to the data transfer mechanism with the U.S., basing the progress on the European Court of Justice's October decision that scrapped the old safe harbor agreement. European regulators said they will decide whether their current concerns will have been fixed at the first joint review of the deal between EU and U.S. authorities, about a year from now, and also see if safeguards "are workable and effective." Regulators said that review may also affect other data transfer mechanisms, including binding corporate rules and standard contractual clauses (see 1607060009). The group said it's still concerned with two issues of U.S. government access to Europeans' data. One, they "expected stricter guarantees" about the independence and clout of the U.S. ombudsperson -- a worry raised in their initial review. The ombudsperson position was created to deal with EU citizens' complaint for any misuse of their data. Second, the group said there's a "lack of concrete assurances" that bulk data collection won't occur even though the Office of the Director of National Intelligence has said it won't. European regulators also cited other concerns, including lack of specific rules on automated decisions, no general right to object and how the arrangement will apply to processors. "All in all, the uncertainty about the long term acceptance of the Privacy Shield is set to be prolonged, but on a positive note, the EU regulators appear willing to work with all the parties involved to make it work," emailed Hogan Lovells (London) data protection attorney Eduardo Ustaran. Bijan Madhani, the Computer & Communications Industry Association's public policy and regulatory counsel, said in a statement the Article 29 Working Party's "close examination of the Privacy Shield has helped produce more clarity for companies and citizens alike, and their participation in the joint annual review process is key."