European data protection supervisor says Privacy Shield not robust enough

Giovanni Buttarelli said the European Commission needs to develop a longer-term solution for sharing data across continents

The European data protection supervisor has published a report saying Privacy Shield is not robust enough to withstand sharing of data across the world.

Giovanni Buttarelli said a number of changes need to be made in order for data to be shared reliably between countries without putting that data or others' privacy at risk.

He said any solution used to replace Safe Harbour must provide "adequate" protection against surveillance by authorities and should be transparent, allowing

Any new legislation should also take into account data protection rights already considered by both governments and private companies in Europe. This is particularly important as the new General Data Protection Regulation (GDPR) is set to come into force in May 2018.

The European Commission needs to ensure that anything introduced to replace Safe Harbour adheres to guidelines set out in the new European legislation so there is no confusion between parties sharing data.

"I appreciate the efforts made to develop a solution to replace Safe Harbour but the Privacy Shield as it stands is not robust enough to withstand future legal scrutiny before the Court," Buttarelli said in a statement.

"Significant improvements are needed should the European Commission wish to adopt an adequacy decision, to respect the essence of key data protection principles with particular regard to necessity, proportionality and redress mechanisms. Moreover, it's time to develop a longer term solution in the transatlantic dialogue."

13/04/2016: Europe data watchdogs find flaws in Privacy Shield

Europe's data protection authorities have called for urgent amendments to Privacy Shield, the proposed agreement to safeguard EU data transferred to the US.

The watchdogs, who form the Article 29 Working Party, do not believe the legislation is up to scratch, identifying several changes they believe need to be made.

The group is still concerned about US agencies undertaking mass surveillance on European citizens' data, after Privacy Shield's predecessor, Safe Harbour, was scrapped because it was not deemed to protect personal data adequately.

Privacy Shield would rely on assurances from the US government that it would not spy indiscriminately on EU data, but the Article 29 Working Party does not think these are enough.

It also called into question the impartiality of Privacy Shield's proposed ombudsperson, a US position that would be responsible for tackling EU citizens' complaints about misuse of their data.

The group's chairwoman, Isabelle Falque-Pierrotin, said (via the BBC): "We believe that we don't have enough security [or] guarantees in the status of the ombudsperson and in their effective powers to be sure that this is really an independent authority."

However, it called the document a "great step forward" compared to Safe Harbour, reported Ars Technica.

While the Working Party's conclusion does not mean the European Commission cannot approve Privacy Shield, its findings could become the basis of future legal challenges if the Commission decides not to address them.

It comes after both Microsoft and Box endorsed Privacy Shield, though Box admitted it does not plan to rely on it, exploring alternatives like binding corporate rules as ways to transfer EU data outside of the US securely. 

The watchdogs' conclusions should be published online later today.
