European Lawmakers Raise Doubts About EU-U.S. Privacy Shield

    Apr 13, 2016

    At a hearing of the European Parliament's Civil Liberties, Justice and Home Affairs Committee on March 17, a number of witnesses and lawmakers expressed doubt that the EU-U.S. Privacy Shield agreement will prove to be a viable replacement for the invalidated U.S.-EU Safe Harbor framework. 

    Witnesses at the hearing included EU and U.S. negotiators, EU data protection authorities, and representatives of private organizations. 

    In a statement that was representative of the skepticism raised in questions by members of the committee, David Martin with the European consumer organization BEUC stated that the U.S. legal data protection regime does not provide an “essentially equivalent” level of privacy protection, and the Privacy Shield is an unsatisfactory arrangement that puts in danger the fundamental rights of European consumers. He was critical of the purpose limitations, opt-out rule exemptions, arbitration provisions, and self-certification system.

    In response to a question from a legislator, Isabelle Falque-Pierrotin, the chair of the Article 29 Working Party of EU member state data protection commissioners, indicated that there were apparent data protection gaps in the Privacy Shield, particularly a lack of EU privacy principles.

    “We feel there is an absence of rules in the Privacy Shield on data retention,” she said.

    In a March 16 letter to Falque-Pierrotin, more than two dozen privacy and consumer advocacy organizations said ensuring privacy protection on both sides of the Atlantic will require more substantial reforms than those contained in the Privacy Shield.

    “The Privacy Shield should be contingent on U.S. legislative reform of surveillance laws within a reasonable time,” the letter states. “These reforms must include, at a minimum, the incorporation of human rights standards (applying to both U.S. persons and non-U.S. persons), a narrowed definition of ‘foreign intelligence information’ to limit the scope of data collection, and more limited access to, retention of, and use of data after it is collected. Indiscriminate scanning of communications content and metadata, specifically, must be discontinued.”

    At the hearing, U.S. Commerce Department witnesses assured the committee that the agreement has strong legal and enforcement mechanisms that meet the criteria in the ruling by the European Court of Justice when it invalidated the U.S.-EU Safe Harbor framework in October 2015. 

    Deputy Assistant Secretary for Services Ted Dean and Acting Under Secretary Justin Antonipillai cited letters from U.S. law enforcement officials defining limitations on government surveillance; the establishment of an ombudsperson within the U.S. State Department for EU data subject complaints about unwarranted U.S. government national security and law enforcement surveillance access to data; surveillance-related complaints about commercial data transfers from the EU to the United States; legal mechanisms that provide clearly defined enforceable redress options for European citizens who believe their digital privacy has been violated; and annual reviews to ensure that the Privacy Shield is working as effectively as possible. 

    The Article 29 Working Party of EU member state data protection commissioners is currently assessing the February 29 draft "adequacy decision" that the Privacy Shield is adequate to protect the privacy of EU citizens. That assessment is expected to be completed in mid-April, after which the agreement must be ratified by EU member state representatives. Even then, the agreement is expected to be challenged in national courts.

    The Washington Policy Brief is an online advisory that contains brief summaries of recent legislative and regulatory issues that may affect the records and information management profession. Further information about the issue is accessed by clicking on the link provided at the end of each summary.


    Want to sign up to receive an e-mail version of the Washington Policy Brief? It's free! Just tell us a little about yourself and you'll receive a monthly dose of the latest in legislation, regulation, and more.



    © 2017, ARMA International