“There are a few improvements, the most obvious being on the purpose limitation and the duration of data retention by private companies. But even here, the EU standard that data can only be stored as long as this is “necessary” is watered down to “relevant”. Of course, any data can be relevant for the company, but that does not mean it meets the necessity test.”
“At the very least, it should get a sunset clause and expire in two years, when the new EU data protection rules have to be applied. The negotiations should in the meantime continue with the next US administration, which also should amend its laws in the next two years. I know this is difficult given the current situation on Capitol Hill in Washington, but we can’t give US companies such privileged access to EU data transfers market if they don’t follow our standards.”
“All I have seen is a funny attempt to define “bulk collection” as not being “mass surveillance”. The US government is still allowed to do bulk data collection in at least six cases, including gathering “foreign intelligence information”, which can be information on anything from illicit arms trade to legitimate trade agreement protests.”
German Green MEP Jan Philipp Albrecht on the EU-U.S. Privacy Shield.
Link: EU-US “Privacy Shield” – Background and Frequently Asked Questions (FAQ) »