After Safe Harbor: A “Privacy Shield” shall protect the data of European citizens in the US.
In my last post I asked: “After Safe Harbor: Where is the legal certainty promised by the EC?“. Now the follow-up agreement for the regulation of transatlantic data transfers which has been expected for end of January at least is in sight. Yesterday the USA agreed at political level with the EC regarding a new framework with the promising name “EU-US Privacy Shield”.
A shield full of holes?
This shield is based on a statement of the US to stop the mass surveillance of European citizens. The US security authorities should have clear limits regarding the access of data related to individuals. In case of violations of the data protection rights by US authorities it should be possible to contact an independent ombudsman.
In the future the US Department of Commerce shall supervise US companies processing individual-related data of European citizens. Non-compliance with standards shall be sanctioned. However it is not clear which standards are meant. This reminds me of the new German IT Security Act which imposes the compliance with unnamed standards for an abstract group of “owners and operators of critical infrastructure”. The compliance with the “EU-US Privacy Shield” shall be checked together on a yearly basis and the results published by the European Commission.
Low-level data protection
Today the “EU-US Privacy Shield” is not more than a letter of intent at political level. It still must be elaborated in detail und confirmed by the representatives of the EU states. Since there is no substantial improvement compared to Safe Harbor, it will be interesting to see the reaction of the European Court which cancelled the acceptance of Safe Harbor in autumn of 2015 due to the incompatibility with European data protection law.
Of course it is positive that politics has reacted at all and did not leave the IT industry with their investments in the USA in legal uncertainty. However, it is to be feared that data protection, even if legally authorized, is far from a state-of-the-art European level.
What is your oppinion on the new agreement between the USA and the EC?
Picture credit: Shutterstock