Archive | EU-US Privacy Shield

European Parliament worried about EU-US Privacy Shield

New rules allowing the US National Security Agency (NSA) to share private data with other US agencies without court oversight, recent revelations about surveillance activities by a US electronic communications service provider and vacancies on US oversight bodies are among the concerns raised by MEPs in a resolution passed on Thursday.

In short, the EU-US Privacy Shield (replacing the »Safe Harbour«-agreement) falls short – especially considering the actions of the new US administration.

Data Privacy Shield: MEPs alarmed at undermining of privacy safeguards in the US »


Trump executive order might freeze all transfer of personal data from the EU to the US

This is interesting. US President Trumps executive order on »public safety« directs all federal agencies to exclude non-US citizens / non-permanent residents from the Privacy Act protection from mass surveillance.

It is very unclear what this will lead to when it comes to transfer of European personal data to the US. Under the so-called EU-US Privacy Shield, such data shall enjoy adequate privacy protection. There is already criticism that the arrangements in this agreement are too weak. And today’s executive order might invalidate them altogether.

If so, there can be no transfer of personal data from the EU to the US. This would have far-reaching consequences for US companies, from e.g. retail business to social networks.

The EU Commission seems to hope for special US legislation related to the Privacy Shield. But the question is if the above executive order doesn’t trump any such schemes.


Update / more input:
• Techcrunch: Trump order strips privacy rights from non-U.S. citizens, could nix EU-US data flows »
• Engadget: Trump signs executive order stripping non-citizens of privacy rights »
• EU Observer: Trump’s anti-privacy order stirs EU angst »
• Techdirt: Already Under Attack In Top EU Court, Privacy Shield Framework For Transatlantic Data Flows Further Undermined By Trump »


EU-US Privacy Shield sent to court

The EU was warned not to hasten when replacing the fallen “Safe Harbour” agreement with the US with a new agreement to protect European personal data. But the EU Commission did. And it did a poor work.

The new agreement – the EU-US Privacy Shield – suffers much the same problems as its predecessor. Immediately here were warnings that if it is to be sent to court, it will meet the same fate as the previous agreement: Invalidation.

And here we go…

Privacy Shield legal spat puts EU-US data flows at risk again »


FAQ: EU-US Privacy Shield

“There are a few improvements, the most obvious being on the purpose limitation and the duration of data retention by private companies. But even here, the EU standard that data can only be stored as long as this is “necessary” is watered down to “relevant”. Of course, any data can be relevant for the company, but that does not mean it meets the necessity test.”

“At the very least, it should get a sunset clause and expire in two years, when the new EU data protection rules have to be applied. The negotiations should in the meantime continue with the next US administration, which also should amend its laws in the next two years. I know this is difficult given the current situation on Capitol Hill in Washington, but we can’t give US companies such privileged access to EU data transfers market if they don’t follow our standards.”

“All I have seen is a funny attempt to define “bulk collection” as not being “mass surveillance”. The US government is still allowed to do bulk data collection in at least six cases, including gathering “foreign intelligence information”, which can be information on anything from illicit arms trade to legitimate trade agreement protests.”

German Green MEP Jan Philipp Albrecht on the EU-U.S. Privacy Shield.

Link: EU-US “Privacy Shield” – Background and Frequently Asked Questions (FAQ) »


EU-US Privacy Shield adopted by the EU despite privacy flaws

The much criticized EU-U.S. Privacy Shield agreement concerning data protection for personal data transferred from the EU to the U.S. has – as expected – been approved by EU member states.

• Statement by Vice-President Ansip and Commissioner Jourová on the occasion of the adoption by Member States of the EU-U.S. Privacy Shield »

• Privacy Shield data pact gets European approval »

• EU-U.S. commercial data transfer pact clears final hurdle »

• New Privacy Shield Could Face Legal Challenge in Europe, Experts Say »

• Official: Privacy Shield dragged across finish line »

Most likely this agreement will end up in the European Court of Justice – as it is suffering from many of the same shortcomings as its predecessor, the Safe Harbour agreement. The latter was invalidated by the court for violating citizens rights to privacy.


EU to adopt EU-US Privacy Shield shotrly

Privacy Shield—the much maligned replacement to the Safe Harbour deal between the European Union and the US—looks set to be approved by national representatives on Friday, Ars understands.

The scheme, which will allow the transfer of personal data from the EU to the US despite privacy and data protection concerns, has faced an uphill battle. Brussels officials who negotiated the deal on behalf of the EU have been desperate to push it through in the face of criticism from the European Data Protection Supervisor, national data protection authorities, and the European Parliament, in order to give some legal certainty to companies that rely on transatlantic data flows. (…)

The agreement is expected to be formally adopted by the European Commission next Monday, followed by the deal being inked by justice commissioner Vera Jourová and US secretary of commerce Penny Pritzker on Tuesday.

Jennifer Baker in Ars Technica: Privacy Shield to be dragged across finish line—sources »