Policy Observatory
Negotiators in the European Union and the United States have agreed on a stop-gap measure to allow companies to transfer private data overseas. But the “EU-US Privacy Shield” is not likely to withstand legal challenge. To protect privacy, we need reform, not rebranding.
An agreement on data transfers has been reached, but the document has not been published.
EPIC has filed emergency Freedom of Information requests with the US the EU for release of a secret agreement for the transfer of personal data across the Atlantic. A new framework was required by a recent decision of the European Court of Justice. But European and American consumer organizations say the "Privacy Shield" does not provide adequate protection for the transfer of personal data.
American and European officials released details about a new trans-Atlantic data transfer agreement, prompting a new round of debate about how companies like Google move digital information between the two regions.
The United States does not want to change the substance of a data transfer pact agreed in February with the European Commission, a senior official said, after EU privacy watchdogs voiced concerns over elements of the deal.
Last week, the Article 29 Working Party published a non-binding opinion on the framework which called for more reassurances over U.S. surveillance practices and the independence of a new U.S. privacy ombudsman.
The Article 29 Working Party (WP29) agreed that while Privacy Shield is an improvement on Safe Harbour, it's still potted with shortcomings. In its first opinion on the draft text in April, the WP29 was highly critical of the proposed deal. Following its meeting on Monday, the group admitted that the final version has addressed some of its issues, but by no means all of them.