European data protection supervisor says Privacy Shield not robust enough

Giovanni Buttarelli said the European Commission needs to develop a longer-term solution for sharing data across continents

The European data protection supervisor has published a report, saying Privacy Shield is not robust enough to withstand sharing of data across the world.

Giovanni Buttarelli said a number of changes need to be made in order for data to be shared reliably between countries without it putting that data or others' privacy at risk.

Advertisement - Article continues below

He said any solution used to replace Safe Harbour must provide "adequate" protection against surveillance by authorities and should be transparent, allowing

Any new legislation should also take into account data protection rights already considered by both governments and private companies in Europe. This is particularly important as the new General Data Protection Regulation (GDPR) is set to come into force in May 2018.

The European Commission needs to ensure that anything introduced to replace Safe Harbour adheres to guidelines set out in the new European legislation so there is no confusion between parties sharing data.

"I appreciate the efforts made to develop a solution to replace Safe Harbour but the Privacy Shield as it stands is not robust enough to withstand future legal scrutiny before the Court," Buttarelli said in a statement.

"Significant improvements are needed should the European Commission wish to adopt an adequacy decision, to respect the essence of key data protection principles with particular regard to necessity, proportionality and redress mechanisms. Moreover, it's time to develop a longer term solution in the transatlantic dialogue."

Advertisement - Article continues below
Advertisement - Article continues below

13/04/2016: Europe data watchdogs find flaws in Privacy Shield

Europe's data protection authorities have called for urgent amendments to Privacy Shield, the proposed agreement to safeguard EU data transferred to the US.

The watchdogs, who form the Article 29 Working Party, do not believe the legislation is up to scratch, identifying several changes they believe need to be made.

The group is still concerned about US agencies undertaking mass surveillance on European citizens' data, after Privacy Shield's predecessor, Safe Harbour, being scrapped because it was not deemed to protect personal data adequately.

Privacy Shield would rely on assurances from the US government that it would not spy indiscriminately on EU data, but the Article 29 Working Party does not think these are enough.

It also called into question the impartiality of Privacy Shield's proposed ombudsperson, a US position that would be responsible for tackling EU citizens' complaints about misuse of their data.

Advertisement - Article continues below

The group's chairwoman, Isabelle Falque-Pierrotin, said (via the BBC): "We believe that we don't have enough security [or] guarantees in the status of the ombudsperson and in their effective powers to be sure that this is really an independent authority."

However, it called the document a "great step forward" compared to Safe Harbour, reported Ars Technica.

While the Working Party's conclusion does not mean the European Commission cannot approve Privacy Shield, its findings could become the basis of future legal challenges if the Commission decides not to address them.

It comes after both Microsoft and Box endorsed Privacy Shield, though Box admitted it does not plan to rely on it, exploring alternatives like binding corporate rules as ways to transfer EU data outside of the US securely. 

The watchdogs' conclusions should be published online later today.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now


General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular


How to find RAM speed, size and type

24 Jun 2020

The road to recovery

30 Jun 2020

The growing case for IT flexibility

30 Jun 2020