EU Politicians Tell European Commission To Suspend Privacy Shield Data Transfer Framework

from the US-must-try-harder dept

A couple of months ago, we wrote about an important case at the Court of Justice of the European Union (CJEU), the region's highest court. The final judgment is expected to rule on whether the Privacy Shield framework for transferring EU personal data to the US is legal under EU data protection law. Many expect the CJEU to throw out Privacy Shield, which does little to address the earlier criticisms of the preceding US-EU agreement: the Safe Harbor framework, struck down by the same court in 2015. However, that's not the only problem that Privacy Shield is facing. One of the European Parliament's powerful committees, which helps determine policy related to civil liberties, has just issued a call to the European Commission to suspend the Privacy Shield agreement unless the US tries harder:

The data exchange deal should be suspended unless the US complies with it by 1 September 2018, say MEPs, adding that the deal should remain suspended until the US authorities comply with its terms in full.

There are a couple of reasons why the European Parliament's committee has taken this unusual step. One is the recent furore surrounding Cambridge Analytica's use of personal data collected by Facebook, which the EU politicians incorrectly call a "data breach". However, as they correctly point out, both companies were certified under Privacy Shield, which doesn't seem to have prevented the data from being misused:

Following the Facebook-Cambridge Analytica data breach, Civil Liberties MEPs emphasize the need for better monitoring of the agreement, given that both companies are certified under the Privacy Shield.

MEPs call on the US authorities to act upon such revelations without delay and if needed, to remove companies that have misused personal data from the Privacy Shield list. EU authorities should also investigate such cases and if appropriate, suspend or ban data transfers under the Privacy Shield, they add.

The other concern is the recently-passed Clarifying Lawful Overseas Use of Data Act (CLOUD Act), which grants the US and foreign police access to personal data across borders. This undermines the effectiveness of the privacy protections of the data transfer scheme, since it would allow the personal data of EU citizens to be accessed more easily. The head of the civil liberties committee, Claude Moraes, is quoted as saying:

While progress has been made to improve on the Safe Harbor agreement, the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter. It is therefore up to the US authorities to effectively follow the terms of the agreement and for the Commission to take measures to ensure that it will fully comply with the GDPR.

The mention of the new GDPR there is significant, since it raises the bar for the Privacy Shield framework's compliance with EU data protection laws. A greater stringency makes it more likely that the European Commission will suspend the deal, and that the CJEU will strike it down permanently at some point.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cjeu, data, eu, eu commission, eu parliament, privacy, privacy shield, safe harbor, surveillance, us
Companies: facebook


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 14 Jun 2018 @ 12:29pm

    First: Safe Harbor

    Then: Privacy Shield

    Next: Data Condom

    link to this | view in thread ]

  2. identicon
    stine, 14 Jun 2018 @ 12:34pm

    Re: data condom

    Or somethine equally ridiculous, like "what's the opposite of National Security Letter" or "NSA, who?"

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 14 Jun 2018 @ 1:54pm

    It amazes me

    that they are worried about Cambridge Analytica as well as similar companies and they aren't worried about the NSA, the CIA, or the FBI!

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 14 Jun 2018 @ 2:25pm

    Time to rename it again

    First it was called Safe Harbor, then Privacy Shield. All window dressing. Time to give it a new name now and let it slide by for a few more years.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 14 Jun 2018 @ 9:25pm

    Re: It amazes me

    Click the "struck down" link. Safe Harbor was struck down over NSA spying.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.