EU data protection agencies remain apprehensive about Privacy Shield
The influential group of European Union data controllers has said it is still concerned about the final version of the Privacy Shield agreement between the EU and US, but will allow it to run unchallenged for one year.
Agreement eases data transfer between EU and US but concerns remain about security - Photo credit: Fotolia
The agreement – which sets out rules for the sharing of data with US companies – is the successor to the ill-fated Safe Harbour agreement that was scrapped last year.
It was approved by the European Commission on 11 July and came into action a day later.
In its first statement on the final version of the agreement, the Article 29 Working Party commended the European Commission for taking into consideration the concerns that the group set out in April.
However, it said, “a number of these concerns remain regarding both the commercial aspects and the access by US public authorities to data transferred from the EU”.
Crucially, the working party said that it “would have expected stricter guarantees concerning the independence and the powers of the Ombudsperson mechanism”. This role – which will look into complaints – was created in an attempt to allay fears about the US government’s use of the public’s data.
In addition, the working party said that there were no “concrete assurances” that bulk collection of data would not take place, despite the commitment made by the US Office of the Director of National Intelligence not to do this.
Concerns around bulk data collection have been raised repeatedly during the negotiations, with the EU's data watchdog, the European Data Protection Supervisor Giovanni Buttarelli, calling for "significant improvements" to the terms in May this year.
He said it was crucial that the agreement provide "adequate protection against indiscriminate surveillance as well as obligations on oversight, transparency, redress and data protection rights”.
In light of these concerns, the Article 29 Working Party group said in its most recent statement that the first joint annual review of the agreement – due in July 2017 – would be a “key moment for the robustness and efficiency of the Privacy Shield mechanism”.
It also set out a number of requirement for that review, which are aimed at making sure the process is transparent and effective.
This included that the terms of the review be clearly defined, and that all members of the review team be allowed access to all the information necessary for the review, including elements that allow a “proper evaluation of the necessity and proportionality of the collection and access to data transferred by public authorities”.
It said that, during that review, the national representatives of the working party would assess not only if the remaining issues have been solved but also if the safeguards provided are “workable and effective”.
Meanwhile, there remain questions over whether the UK will have to sign a similar, separate agreement with the US once it exits the EU, following the results of the referendum in June this year.
A recent study finds that the pandemic has boosted budgets – but legacy tech remains a big barrier to progress
Dstl opens north-east base
Coronavirus has shown the power of data and, according to Sue Daley of techUK, it is crucial that the UK implements the right laws to govern its use and protection
Memo from top brass preps officials for world in which government is more data-driven and less risk-averse
There are many reasons to keep your Oracle workloads running on local servers. But there are even more reasons to move them to the cloud as part of a wider digital transition strategy. Six Degrees...
Cloud-based applications can provide ways for agencies and departments to innovate and operate in new ways, as the past year has highlighted they must, writes Oracle
Higher Education institutions are some of the most consistently targeted organisations for cyberattacks. CrowdStrike explores the importance of the right cybersecurity measures.
SolarWinds explains how public sector organisations can make the most of their hybrid IT investments - delivering services that are both innovative and reliable