left-caret
Insights

ph privacy

Privacy Shield Set For Formal Adoption Next Week: Beyond That, The Future Is Cloudy

July 08, 2016

By Katie Sheridan

A key European Union committee with responsibility for privacy determinations today approved the new EU-US Privacy Shield.  With that approval, formal adoption by the European Commission is expected next week.

In a

issued by European Commission Vice President Ansip and Commissioner Jourová, the Commission touted the differences between the new Privacy Shield and the now-defunct Safe Harbor, .  These differences include:

  1. Clear and strong obligations imposed on companies that handle data;

  2. Written assurances by U.S. authorities that their access to data in the name of law enforcement or national security will be subject to clear limitations, safeguards and oversight mechanisms, and the further promise that EU citizens’ data will not be subject to mass surveillance; and

  3. Redress mechanisms for European citizens concerned that their privacy rights have been violated.

The support expressed by the European Commission and by some industry groups like

is not universal.  The Privacy Shield, , has been subject to months of criticism for failing to do enough adequately to address the concerns that led to the dismantling of the Safe Harbor.  In April, another EU organization, the  that the Privacy Shield was unclear and inconsistent, omitted or inadequately substituted key data protection principles, offered overly complex redress mechanisms, failed to give adequate assurance that U.S. authorities would refrain from engaging in “massive and indiscriminate collection of personal data” from the EU, and failed to vest the newly-established Ombudsperson with sufficient independence and power to exercise its duty effectively.  The in a May resolution highlighting “deficiencies” it perceived in the Privacy Shield.

The draft Privacy Shield underwent revision in response to these and other concerns raised, but some continue to criticize the agreement.  Indeed, just yesterday,

based on leaked text that it obtained, contending that the revised document’s length and complexity make it “difficult for anyone to assess what guarantees are provided … and how they would apply in practice.”  The group criticized several aspects of the agreement, focusing heavily on a perceived weakness in protections against governmental surveillance.

Against that backdrop, two things are clear:

  • Privacy Shield will be adopted; and

  • Legal challenges in the European courts are sure to follow.

Beyond that, it is anybody’s guess.