A deal has been proposed between the US and the EU over data sharing, intended to ensure the safety of EU citizens’ data when transferred to the United States.
The EU-US Privacy Shield replaces the ‘Safe Harbor’ agreement, which was challenged by Austrian law student Max Schrems in light of revelations by Edward Snowdon that the data of EU citizens was routinely accessed by security agencies in the US. Vera Jourová, the European Commissioner for Justice, explained that the US had given “binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms.” The deal includes an annual review of the effectiveness of those assurances and the setting up of a new US body responsible for investigating EU data protection complaints.
The deal is likely to be welcomed by service providers such as Facebook and Google, as it ensures the easy transfer of data outside of the EU to companies who follow the new rules, which are intended to provide an equivalent level of protection for EU citizens as found within the EU itself. However, many will wait and see whether the deal proves robust in the face of potential further legal challenges, as it does not prevent authorities in the US from accessing data – instead merely subjecting them to ‘limitations’. Data can still be accessed where the authorities consider it ‘necessary and proportionate’, leaving open the possibility that privacy will not be protected in a meaningful way.
Before being formally adopted, the agreement is subject to a short consultation period in which the 28 national data protection authorities (Article 29 Working Party) will advise on the details.