Year-old ‘Privacy Shield’ framework given positive review by Europe
The framework enables US-based companies to comply with EU data protection requirements and avoid specialized legal contracts.
The European Union has reviewed the year-old EU-US Privacy Shield framework and given it a preliminary OK, according to Reuters. A negative finding would have meant suspension of the agreement affecting thousands of US companies processing European citizens’ data.
Negotiated during the Obama administration, the agreement is “a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.” It implicates many billions of dollars in advertising and commerce.
The previous “Safe Harbor” agreement was invalidated by the European Court of Justice in 2015 because of the perceived risk of US government spying on EU citizens when their data came in contact with US company servers. The Privacy Shield replaced it and offers enhanced protections for EU data.
Among the obligations of US companies and the US government are the following:
- US companies processing EU citizens’ data are required to commit to specific obligations regarding how data is processed.
- Access to EU data for law enforcement and national security reasons is subject to safeguards and oversight.
- Any European who believes his/her data has been misused has a number of redress options.
- An Office of the Ombudsman in the US State Department exists to address complaints from European privacy regulators.
The European Commission audit of Privacy Shield found that US compliance was satisfactory. However, according to Reuters, there were some criticisms and requests that the program be improved:
- The EU wants the US to appoint a permanent Privacy Shield Ombudsperson.
- The EU requested that open US seats on a Privacy and Civil Liberties Oversight Board be filled.
- The EU wants strengthening of privacy protections contained in the US Foreign Intelligence Surveillance Act.
Currently, there are more than 2,000 companies that have signed on to Privacy Shield, including Google, Microsoft and Facebook. However, it is being legally challenged by privacy advocates in European courts as inadequate.
With its more protectionist trade impulses and hostility to the Obama Administration’s policies, it’s unclear what the Trump Administration’s position is on Privacy Shield and EU requests to strengthen its provisions. There have been no public remarks from State or Commerce Department officials.