EU seeks Privacy Shield changes in its first annual review

Proposals include tougher rules around non-compliance and greater cooperation between US and EU authorities

The European Commission has given the green light to the EU-US Privacy Shield agreement following the deal's first annual review, but has urged improvements including a more aggressive approach to tackling non-compliance.

Today's report compiles the findings of a review conducted last month into the effectiveness of the year-old data-sharing agreement, which was designed to guarantee equivalent levels of privacy for EU citizens' personal data when it is transferred to the US, which has weaker privacy laws than the EU's forthcoming General Data Protection Regulation (GDPR).

Advertisement - Article continues below

However, the report found that improvements need to be made to ensure the deal functions effectively in the coming years, including a call for the US Department of Commerce to conduct more proactive and regular monitoring of companies' compliance, and to be more aggressive in the hunting of companies falsely claiming to be signed up to the agreement.

It also recommended closer cooperation between the Department of Commerce, the Federal Trade Commission, and EU data protection authorities, which act as Privacy Shield's main compliance enforcers, including the joint development of official guidance for companies.

Commissioner Vra Jourov said in a press conference today: "Transatlantic data transfers are essential for our economy, but the fundamental right to data protection must be ensured also when personal data leaves the EU. Our first review shows that the Privacy Shield works well, but there is some room for improving its implementation.

Advertisement
Advertisement - Article continues below

"The Privacy Shield is not a document lying in a drawer," added Jourov. "It's a living arrangement that both the EU and US must actively monitor to ensure we keep guard over our high data protection standards."

Advertisement - Article continues below

Privacy Shield was first launched in August 2016 after the previous data sharing agreement, Safe Harbour, was struck down by the European Court of Justice in 2015. In light of the Edward Snowden revelations of widespread US surveillance, the previous agreement was deemed inadequate at protecting the data of EU citizens.

The new rules aim to enshrine legal rights for EU citizens in the event that their personal data is transferred to a US company, such as a US branch of a social media company collecting profile data, althoughJourov acknowledged that more needs to be done to raise awareness of the rights citizens are afforded.

Since its launch, more than 2,400 companies have been certified compliant under Privacy Shield obligations. New elements have also been added over the year, including new tools that allow for greater cooperation between law enforcement agencies on both sides of the Atlantic, as well as the creation of an online platform that is able to handle complaints from the EU.

Advertisement - Article continues below

Today's report has also called for Congress to enshrine the protections offered by former president Obama's Presidential Policy Directive 28 (PPD-28) into the Foreign Intelligence Surveillance Act (FISA), an act which forms the main legal basis for US authorities seeking to access personal data of non-US citizens.

These would limit the scope of FISA, including a clause that limits US surveillance of non-Americans by ensuring it is as tailored and targeted as feasibly possible.The EU is currently working with lobby groups to push this proposal through Congress, butJourovexplained a decision is unlikely to be addressed until the end of the year.

The report will be delivered to the European Parliament, the European Council, and the Article 29 Working Party - a collection of EU member states' data protection regulators. A copy will also be sent to authorities in the US, where the recommendations will be considered over the coming months.

Image: Bigstock

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/security/privacy/355048/government-may-trace-covid-19-patients-using-mobile-phone-data
privacy

UK government may trace COVID-19 patients using mobile phone data

20 Mar 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354842/irish-data-regulator-racks-up
General Data Protection Regulation (GDPR)

Irish data regulator racks up GDPR cases against Big Tech

24 Feb 2020
Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/security/phishing/355120/hackers-pose-as-three-to-exploit-high-data-demand
phishing

Hackers target Three customers with "sophisticated" phishing scam

26 Mar 2020