Wednesday, February 3, 2016

EU-US Agreement Reached but Details Lacking

On Monday, February 2, the European Commission announced that it had reached an agreement with the US on a new framework for transatlantic data flows. Details of the agreement, to be called the EU-US Privacy Shield, have not been released and, judging from testimony by Justice Commissioner Vera Jourova before the Parliament’s LIBE Committee, have not been finalized between the EU and the US. As might be expected, the very sketchy announcement drew expressions of support from industry trade groups in the US and expressions of doubt from privacy advocates in the EU Parliament and elsewhere. That “the devil is in the details” was a frequent refrain from the parliamentarians.

Under these circumstances, with the Commission barely meeting the Article 29 Working Party’s end-of-January deadline, the Working Party had little choice but to allow more time to evaluate the agreement. According to a statement released on February 3, the Working Party welcomes the conclusion of the negotiations between the EU and the US and looks forward to receiving the documents it needs to evaluate the agreement’s viability, requesting receipt of them by the end of February. In the meantime, the Working Party re-affirms that data transfers under Safe Harbor are unacceptable and that standard contractual clauses and binding corporate rules (BCRs) may be relied upon for the time being.

Phil Lee from Fieldfisher was first out of the box with an excellent blog on issues relating to the new agreement, not the least of which is market acceptance.  However, one issue not discussed anywhere, as far as I can tell, is what the obligations of US companies will be under the Privacy Shield and how they will become operative.  As announced, the agreement addresses only high-level questions associated with surveillance and its aftermath, making no mention of what privacy standards and practices will be required of companies that may want to avail themselves of its protections.  What has become of the thirteen recommendations for Safe Harbor reform advanced by the Commission back in 2013?  In short, where is the beef on the Privacy Shield bone?   
