Compliance

Privacy Shield dented amid further setbacks in data talks

Businesses face ongoing uncertainty over the transfer of European data to the US, after officials have again failed to reach agreement on the Safe Harbour 2.0 deal.

European officials sitting on the Article 31 committee, which contains representatives from member states and is chaired by a European Commission official, reportedly concluded they need more time to consider the agreement, otherwise known as the Privacy Shield.

More Time

The development comes after European Data Protection Authorities (the so called “Article 29 Working Party” or WP29) – composed of watchdogs from influential member states – failed to give their blessing to the deal.

The WP29 said the proposed Privacy Shield was inadequate in a number of key areas, and that exceptions to allow the US to carry out mass surveillance of EU citizens were “not acceptable.”

And now, after that watchdog rejection, the proposed deal has been hit with another setback after the Article 31 committee concluded that more time was needed to consider the implications of the proposal.

Unlike the WP29, whose opinion is not legally binding and which has no powers to block the new deal, the Article 31 committee does have the power to scupper the proposed Privacy Shield entirely.

It is understood that the Article 31 group is seeking to incorporate a number of recommendations by the data protection authorities (WP29) into any proposed agreement.

The committee has to make a decision by June by voting. If it fails to reach a majority consensus, the group can either drop the proposed agreement, submit a revised draft, or appeal the outcome of the vote.

Of the three options, submitting a revised draft of the Privacy Shield seems the more likely option.

Ongoing Uncertainty

The proposed transatlantic Privacy Shield was finally agreed in early February to replace the previous Safe Harbour legislation. That original data sharing deal with the US was ruled invalid by Europe’s top court on 6 October last year.

The proposed replacement is designed to help firms on both sides of the Atlantic to move the personal data of European citizens to the US without breaking strict EU data transfer rules. The European Commission (EC) published the details of the deal in late February.

But Europeans are concerned about the independence of a new US privacy ombudsman, and are seeking more reassurance over US surveillance practices.

Unfortunately, this delay prolongs the climate of regulatory uncertainty for businesses and places unnecessary strain on the digital economy.

Businesses are concerned that the lack of an agreement could result in them potentially facing legal action over data transfers to the US.

Antony Savvas

York, UK-based Antony Savvas has been a technology journalist for 25 years and has expertise in all major areas of enterprise and consumer IT. He has worked for a number of leading technology magazines and websites and his work is syndicated across the internet. He also undertakes corporate work for some of the world's leading technology companies.

Share
Published by
Antony Savvas

Recent Posts

Flashpoint enters new chapter with global partner programme

Security vendor Flashpoint debuts partner programme following $28m funding

7 years ago

Channel partner “disconnect” hindering growth

Complex buying journeys and sprawling partner networks hampering customer experience, says Accenture

7 years ago

Cyxtera launches global channel partner programme

Datacentre provider Cyxtera says launch is “milestone in our go-to-market strategy”

7 years ago

US IT provider brings mainframe services to UK

Ensono highlights importance of mainframes still to major industries

7 years ago

VASCO and Nuvias expand distribution across EMEA

Security vendor VASCO looks to replicate UK and German set up across EMEA

7 years ago

Splunk says channel investments driving growth

Splunk details investment in Partner+ programme at .conf2017

7 years ago