EU data protection agencies remain apprehensive about Privacy Shield
The influential group of European Union data controllers has said it is still concerned about the final version of the Privacy Shield agreement between the EU and US, but will allow it to run unchallenged for one year.
Agreement eases data transfer between EU and US but concerns remain about security - Photo credit: Fotolia
The agreement – which sets out rules for the sharing of data with US companies – is the successor to the ill-fated Safe Harbour agreement that was scrapped last year.
It was approved by the European Commission on 11 July and came into action a day later.
In its first statement on the final version of the agreement, the Article 29 Working Party commended the European Commission for taking into consideration the concerns that the group set out in April.
However, it said, “a number of these concerns remain regarding both the commercial aspects and the access by US public authorities to data transferred from the EU”.
Crucially, the working party said that it “would have expected stricter guarantees concerning the independence and the powers of the Ombudsperson mechanism”. This role – which will look into complaints – was created in an attempt to allay fears about the US government’s use of the public’s data.
In addition, the working party said that there were no “concrete assurances” that bulk collection of data would not take place, despite the commitment made by the US Office of the Director of National Intelligence not to do this.
Concerns around bulk data collection have been raised repeatedly during the negotiations, with the EU's data watchdog, the European Data Protection Supervisor Giovanni Buttarelli, calling for "significant improvements" to the terms in May this year.
He said it was crucial that the agreement provide "adequate protection against indiscriminate surveillance as well as obligations on oversight, transparency, redress and data protection rights”.
In light of these concerns, the Article 29 Working Party group said in its most recent statement that the first joint annual review of the agreement – due in July 2017 – would be a “key moment for the robustness and efficiency of the Privacy Shield mechanism”.
It also set out a number of requirement for that review, which are aimed at making sure the process is transparent and effective.
This included that the terms of the review be clearly defined, and that all members of the review team be allowed access to all the information necessary for the review, including elements that allow a “proper evaluation of the necessity and proportionality of the collection and access to data transferred by public authorities”.
It said that, during that review, the national representatives of the working party would assess not only if the remaining issues have been solved but also if the safeguards provided are “workable and effective”.
Meanwhile, there remain questions over whether the UK will have to sign a similar, separate agreement with the US once it exits the EU, following the results of the referendum in June this year.
Patients in Scotland given option of virtual appointments via PC or mobile device
Government's new Innovation Strategy set out ambitious proposals to update processes, eliminate ageing kit, and embrace emerging technologies. PublicTechnology caught up with...
As the Department for Education refashions itself as a delivery department, its chief digital officer Emma Stace tells PublicTechnology she is determined to make digital ‘just...
Institute for Government says permanent secretaries should spearhead commercial efforts
After more than 20 years of stability, networks are going through a period of dramatic transformation. BT looks beyond the hype at the real benefits of virtualisation.
How can you stay ahead in the fast-paced world of digital technology? BT describes how it's a matter of focus...
The security threat landscape is confusing and changing rapidly – there’s so much out there, how do you understand where the true risks are? BT offers insight from their own experience
Organisations must alter their approach to cyber security recruitment in order to combat the global shortage of security professionals, writes BT