EU seeks Privacy Shield changes in its first annual review

Proposals include tougher rules around non-compliance and greater cooperation between US and EU authorities

The European Commission has given the green light to the EU-US Privacy Shield agreement following the deal's first annual review, but has urged improvements including a more aggressive approach to tackling non-compliance.

Today's report compiles the findings of a review conducted last month into the effectiveness of the year-old data-sharing agreement, which was designed to guarantee equivalent levels of privacy for EU citizens' personal data when it is transferred to the US, which has weaker privacy laws than the EU's forthcoming General Data Protection Regulation (GDPR).

However, the report found that improvements need to be made to ensure the deal functions effectively in the coming years, including a call for the US Department of Commerce to conduct more proactive and regular monitoring of companies' compliance, and to be more aggressive in the hunting of companies falsely claiming to be signed up to the agreement.

It also recommended closer cooperation between the Department of Commerce, the Federal Trade Commission, and EU data protection authorities, which act as Privacy Shield's main compliance enforcers, including the joint development of official guidance for companies.

Commissioner Věra Jourová said in a press conference today: "Transatlantic data transfers are essential for our economy, but the fundamental right to data protection must be ensured also when personal data leaves the EU. Our first review shows that the Privacy Shield works well, but there is some room for improving its implementation.

"The Privacy Shield is not a document lying in a drawer," added Jourová. "It's a living arrangement that both the EU and US must actively monitor to ensure we keep guard over our high data protection standards."

Privacy Shield was first launched in August 2016 after the previous data sharing agreement, Safe Harbour, was struck down by the European Court of Justice in 2015. In light of the Edward Snowden revelations of widespread US surveillance, the previous agreement was deemed inadequate at protecting the data of EU citizens.

The new rules aim to enshrine legal rights for EU citizens in the event that their personal data is transferred to a US company, such as a US branch of a social media company collecting profile data, although Jourová acknowledged that more needs to be done to raise awareness of the rights citizens are afforded.

Since its launch, more than 2,400 companies have been certified compliant under Privacy Shield obligations. New elements have also been added over the year, including new tools that allow for greater cooperation between law enforcement agencies on both sides of the Atlantic, as well as the creation of an online platform that is able to handle complaints from the EU.

Today's report has also called for Congress to enshrine the protections offered by former president Obama's Presidential Policy Directive 28 (PPD-28) into the Foreign Intelligence Surveillance Act (FISA), an act which forms the main legal basis for US authorities seeking to access personal data of non-US citizens.

These would limit the scope of FISA, including a clause that limits US surveillance of non-Americans by ensuring it is as tailored and targeted as feasibly possible. The EU is currently working with lobby groups to push this proposal through Congress, but Jourová explained a decision is unlikely to be addressed until the end of the year.

The report will be delivered to the European Parliament, the European Council, and the Article 29 Working Party - a collection of EU member states' data protection regulators. A copy will also be sent to authorities in the US, where the recommendations will be considered over the coming months.
