Privacy Shield transatlantic data sharing agreement enters effect

But European privacy regulators will meet to scrutinize the new deal on July 25

After months of uncertainty, businesses will once again have a simple, legal way to export the personal information of European Union citizens to the U.S. for processing from Aug. 1.

Privacy Shield, the replacement for the defunct Safe Harbor Agreement, ensures an adequate level of protection for personal data transferred from the EU to self-certified organisations in the U.S., the European Commission ruled Tuesday morning. It plans to notify the governments of the EU's 28 member states of its adequacy decision later in the day, at which point Privacy Shield will enter effect, although it will still be a few more weeks before companies can register their compliance with it.

It's 16 years since the Commission made a similar adequacy decision regarding Safe Harbor, and nine months since the Court of Justice of the European Union overturned it, saying that an agreement could only be adequate if it provided a level of privacy protection "essentially equivalent" to that of the 1995 Data Protection Directive. Among the CJEU's objections to Safe Harbor in its October 2015 ruling, it noted that "legislation permitting the public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life."


When the first draft of Privacy Shield was published in February, its vague provisions on mass surveillance were criticized from many quarters, including the Commission's own advisors, leading to fears that it would only be a matter of time before the CJEU overturned it too.

But since then the text has been improved, and now reflects the requirements set out by the CJEU, European Commissioner for Justice Věra Jourová said, announcing the deal in Brussels.

"Privacy Shield is fundamentally different from Safe Harbor, because we will have an annual joint review which will make it easier to solve any problems that could arise. Since releasing the first draft of Privacy Shield in February we have been able to make it even better and clearer by taking on board the recommendations of Europe's independent data protection authorities as well as the resolution of the European Parliament," she said.

Among the improvements, she said, negotiators have "clarified better when bulk collection of data may occur and what distinguishes it from mass surveillance."

U.S. Commerce Secretary Penny Pritzker, also present, made no reference to surveillance or bulk collection, preferring to focus on the positives.

"For businesses, the framework will facilitate more trade across our borders, more collaboration across the Atlantic, and more job creating investments in our communities," she said. "For consumers, the framework will ensure you have access to your favorite online services and the latest technologies, while strongly protecting your privacy."

Business lobbyists were predictably supportive of the new deal.

"Privacy Shield sets a new high standard for EU-U.S. data transfers. It is a major privacy win for consumers and it provides legal clarity for thousands of European and U.S. firms," said Christian Borggreen, European director of the Computer and Communications Industry Association, whose members include the likes of Amazon.com, Google and Microsoft.

But it's not just big business that will benefit, according to BSA The Software Alliance, a group that promotes intellectual property protection. The alternatives to Safe Harbor have been particularly burdensome for small businesses, BSA President and CEO Victoria Espinel said.

"The free flow of data is vital for the transatlantic economy. We are talking about at least half a trillion dollars' worth of commerce annually," said Espinel. "The movement of data across borders enables European and US companies to offer the best services and products to consumers. It is also essential to creating the economic growth and job creation that is so important in both the US and EU."

But Jourová's nice distinction between bulk data and mass surveillance didn't impress campaign group European Digital Rights (EDRi), nor Max Schrems, the Austrian whose complaint to the Irish Data Protection Commissioner about Facebook's handling of his data ultimately led to the CJEU ruling.

"In Annex VI of the Privacy Shield decision, the US government explicitly confirms that U.S. services conduct 'bulk collection' by using data from U.S. companies. While the U.S. highlights what it called limitations (for example for only six broad purposes), the mere possibility of such mass surveillance is contrary to the CJEU judgement," Schrems said via email.

EDRi Executive Director Joe McNamee doesn't give Privacy Shield long: "We now have to wait until the Court again rules that the deal is illegal and then, maybe, the EU and U.S. can negotiate a credible arrangement that actually respects the law, engenders trust and protects our fundamental rights," he said.

Schrems isn't planning an immediate legal challenge to Privacy Shield, but suspects that there will be no lack of possible plaintiffs.

One potential complainant stepped forward almost immediately. The Article 29 Working Party, composed of the EU's national data protection authorities, said Tuesday it is analyzing the final texts of Privacy Shield and will meet on July 25 to agree its position. The working party was critical of the early draft, in particular the way it left the door open to indiscriminate mass surveillance of Europeans' data by U.S. authorities.

Privacy Shield will take effect as soon as member states' governments are notified, something the Commission said it planned to do later Tuesday.

The U.S. Commerce Department will accept Privacy Shield self-certifications from Aug. 1.


Peter Sayer

IDG News Service