EU seeks Privacy Shield changes in its first annual review

Proposals include tougher rules around non-compliance and greater cooperation between US and EU authorities

The European Commission has given the green light to the EU-US Privacy Shield agreement following the deal's first annual review, but has urged improvements including a more aggressive approach to tackling non-compliance.

Today's report compiles the findings of a review conducted last month into the effectiveness of the year-old data-sharing agreement, which was designed to guarantee equivalent levels of privacy for EU citizens' personal data when it is transferred to the US, which has weaker privacy laws than the EU's forthcoming General Data Protection Regulation (GDPR).

However, the report found that improvements need to be made to ensure the deal functions effectively in the coming years, including a call for the US Department of Commerce to conduct more proactive and regular monitoring of companies' compliance, and to be more aggressive in hunting down companies falsely claiming to be signed up to the agreement.

It also recommended closer cooperation between the Department of Commerce, the Federal Trade Commission, and EU data protection authorities, which act as Privacy Shield's main compliance enforcers, including the joint development of official guidance for companies.

Commissioner Věra Jourová said in a press conference today: "Transatlantic data transfers are essential for our economy, but the fundamental right to data protection must be ensured also when personal data leaves the EU. Our first review shows that the Privacy Shield works well, but there is some room for improving its implementation.

"The Privacy Shield is not a document lying in a drawer," added Jourová. "It's a living arrangement that both the EU and US must actively monitor to ensure we keep guard over our high data protection standards."

Privacy Shield was first launched in August 2016 after the previous data sharing agreement, Safe Harbour, was struck down by the European Court of Justice in 2015. In light of the Edward Snowden revelations of widespread US surveillance, the previous agreement was deemed inadequate at protecting the data of EU citizens.

The new rules aim to enshrine legal rights for EU citizens in the event that their personal data is transferred to a US company, such as a US branch of a social media company collecting profile data, although Jourová acknowledged that more needs to be done to raise awareness of the rights citizens are afforded.

Since its launch, more than 2,400 companies have been certified compliant under Privacy Shield obligations. New elements have also been added over the year, including new tools that allow for greater cooperation between law enforcement agencies on both sides of the Atlantic, as well as the creation of an online platform that is able to handle complaints from the EU.

Today's report has also called for Congress to enshrine the protections offered by former president Obama's Presidential Policy Directive 28 (PPD-28) into the Foreign Intelligence Surveillance Act (FISA), an act which forms the main legal basis for US authorities seeking to access personal data of non-US citizens.

These would limit the scope of FISA, including a clause that limits US surveillance of non-Americans by ensuring it is as tailored and targeted as feasibly possible. The EU is currently working with lobby groups to push this proposal through Congress, but Jourová explained a decision is unlikely to be addressed until the end of the year.

The report will be delivered to the European Parliament, the European Council, and the Article 29 Working Party - a collection of EU member states' data protection regulators. A copy will also be sent to authorities in the US, where the recommendations will be considered over the coming months.
