EU seeks Privacy Shield changes in its first annual review

Proposals include tougher rules around non-compliance and greater cooperation between US and EU authorities

The European Commission has given the green light to the EU-US Privacy Shield agreement following the deal's first annual review, but has urged improvements including a more aggressive approach to tackling non-compliance.

Today's report compiles the findings of a review conducted last month into the effectiveness of the year-old data-sharing agreement, which was designed to guarantee equivalent levels of privacy for EU citizens' personal data when it is transferred to the US, which has weaker privacy laws than the EU's forthcoming General Data Protection Regulation (GDPR).

However, the report found that improvements need to be made to ensure the deal functions effectively in the coming years, including a call for the US Department of Commerce to conduct more proactive and regular monitoring of companies' compliance, and to be more aggressive in the hunting of companies falsely claiming to be signed up to the agreement.

It also recommended closer cooperation between the Department of Commerce, the Federal Trade Commission, and EU data protection authorities, which act as Privacy Shield's main compliance enforcers, including the joint development of official guidance for companies.

Commissioner Vra Jourov said in a press conference today: "Transatlantic data transfers are essential for our economy, but the fundamental right to data protection must be ensured also when personal data leaves the EU. Our first review shows that the Privacy Shield works well, but there is some room for improving its implementation.

"The Privacy Shield is not a document lying in a drawer," added Jourov. "It's a living arrangement that both the EU and US must actively monitor to ensure we keep guard over our high data protection standards."

Privacy Shield was first launched in August 2016 after the previous data sharing agreement, Safe Harbour, was struck down by the European Court of Justice in 2015. In light of the Edward Snowden revelations of widespread US surveillance, the previous agreement was deemed inadequate at protecting the data of EU citizens.

The new rules aim to enshrine legal rights for EU citizens in the event that their personal data is transferred to a US company, such as a US branch of a social media company collecting profile data, althoughJourov acknowledged that more needs to be done to raise awareness of the rights citizens are afforded.

Since its launch, more than 2,400 companies have been certified compliant under Privacy Shield obligations. New elements have also been added over the year, including new tools that allow for greater cooperation between law enforcement agencies on both sides of the Atlantic, as well as the creation of an online platform that is able to handle complaints from the EU.

Today's report has also called for Congress to enshrine the protections offered by former president Obama's Presidential Policy Directive 28 (PPD-28) into the Foreign Intelligence Surveillance Act (FISA), an act which forms the main legal basis for US authorities seeking to access personal data of non-US citizens.

These would limit the scope of FISA, including a clause that limits US surveillance of non-Americans by ensuring it is as tailored and targeted as feasibly possible.The EU is currently working with lobby groups to push this proposal through Congress, butJourovexplained a decision is unlikely to be addressed until the end of the year.

The report will be delivered to the European Parliament, the European Council, and the Article 29 Working Party - a collection of EU member states' data protection regulators. A copy will also be sent to authorities in the US, where the recommendations will be considered over the coming months.

Image: Bigstock

Featured Resources

Unleashing the power of AI initiatives with the right infrastructure

What key infrastructure requirements are needed to implement AI effectively?

Download now

Achieve today. Plan tomorrow. Making the hybrid multi-cloud journey

A Veritas webinar on implementing a hybrid multi-cloud strategy

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

The workers' experience report

How technology can spark motivation, enhance productivity and strengthen security

Download now

Recommended

Misconfigured Git servers lead to Nissan data leak
hacking

Misconfigured Git servers lead to Nissan data leak

7 Jan 2021
BackupAssist teams with Wasabi to offer cheaper backup for businesses
backup

BackupAssist teams with Wasabi to offer cheaper backup for businesses

6 Jan 2021
Data: A resource much too valuable to leave unprotected
Whitepaper

Data: A resource much too valuable to leave unprotected

2 Dec 2020
Webhose and Signal Corp boost data breach detection
Security

Webhose and Signal Corp boost data breach detection

7 Oct 2020

Most Popular

WhatsApp could face €50 million GDPR fine
General Data Protection Regulation (GDPR)

WhatsApp could face €50 million GDPR fine

25 Jan 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021