European Data Protection Supervisor Giovanni Buttarelli has said that the Privacy Shield agreement is not robust enough to withstand future legal scrutiny.
Buttarelli, who is responsible for ensuring European institutions respect the right to privacy when developing policies, published his official opinion on the EU-US agreement on 30 May.
In it, he stated that Privacy Shield needed “significant improvements” if the European Commission wanted to adopt it, and called for a “longer-term solution in the Transatlantic dialogue”.
Privacy Shield was developed after the Safe Harbour framework – intended to help US companies legally access EU data – was scrapped in October last year for failing to provide proper protection for the transfer of personal data.
However, Buttarelli’s statement said that for the Privacy Shield to be effective “it must provide adequate protection against indiscriminate surveillance as well as obligations on oversight, transparency, redress and data protection rights”.
The statement also notes that when the General Data Protection Regulation comes into force across the EU in May 2018, it will be applicable to all data protection related matters, including data transfer.
“In the EU we do not discriminate on the basis of nationality,” the statement said. “Key data protection principles must be covered in the Privacy Shield for it to offer essential equivalence between EU-U.S. law.”
Buttarelli’s opinion echoes that of the Article 29 Data Protection Working Party, published in April this year, which said that the Privacy Shield framework lacked clarity and called for a more detailed analysis of many aspects of the agreement.