ARTICLE
28 July 2016

"Battle-Ready" Privacy Shield Gets Muted Welcome From EU Data Protection Authorities

RS
Reed Smith (Worldwide)

Contributor

Reed Smith (Worldwide) logo
Reed Smith is a dynamic international law firm helping clients move their businesses forward. By delivering smart, creative legal services, we enrich clients' experiences with us and support achievement of their business goals. Our longstanding relationships and collaborative structure enable the speedy resolution of complex disputes, transactions, and regulatory matters.
Explore
On 26 July, the Article 29 Data Protection Working Party (WP29) released a statement outlining its opinion on the EU-U.S. Privacy Shield, which was adopted by the European Commission earlier this month.
UK Privacy
Photo of Kate Brimsted
Photo of Cynthia O'Donoghue
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

On 26 July, the Article 29 Data Protection Working Party (WP29) released a statement outlining its opinion on the EU-U.S. Privacy Shield, which was adopted by the European Commission earlier this month. After praising the improvements implemented by the Commission and U.S. authorities since its last critical opinion, the WP29 outlined some remaining concerns, including the lack of:

  • specific rules on automated decisions and a general right to object;
  • clarity regarding how the Privacy Shield applies to processors;
  • strong guarantees regarding the independence and powers of the Ombudsperson mechanism; and
  • concrete assurances that the bulk, indiscriminate collection of EU citizens' personal data will not take place.

The first annual review of the functioning of the Privacy Shield program in 2017, to be conducted by the U.S. Department of Commerce and the European Commission, is clearly seen as important by the WP29, which calls for a more defined role in that process and hints that an adverse review could impact negatively on other data transfer methods, including Binding Corporate Rules.

In the meantime, the EU data protection authorities (DPAs) within the WP29 "commit themselves to proactively and independently assist the data subjects with exercising their rights under the Privacy Shield mechanism, in particular when dealing with complaints". The WP29 has announced it will be producing guidance for data controllers about their obligations under the Shield, and commenting on the citizens' guide produced by the Department of Commerce.

1 August 2016 marks the start of a new chapter for transatlantic data transfers. U.S. companies will be able to self-certify that they abide by the privacy principles set out in the Privacy Shield, providing them with a legal basis to receive personal data from the EU. It is too early to offer predictions on the success of this replacement to Safe Harbor; however, in the short term, the EU DPAs look set to uphold individuals' considerably enhanced rights under the program – and Privacy Shield joiners should prepare themselves accordingly.  

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.

Authors
Photo of Kate Brimsted
Kate Brimsted
Photo of Cynthia O'Donoghue
Cynthia O'Donoghue
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More