Amongst the commercial issues that it asserted needed further clarification and improvement were purpose limitation, data retention, decisions based solely upon automated processing, onward transfers to third countries and overly complex recourse mechanisms for complainants. With respect to the proposed establishment of an ombudsman, the Working Party voiced doubts that such an individual would have the authority and independence to be effective. On the surveillance side, the Working Party asserted that the assurances provided by U.S. authorities do not go far enough to ensure that massive and indiscriminate surveillance will not occur.
All in all, while welcoming those aspects of the agreement that strengthen protections found in the invalidated Safe Harbor, the Working Party urged the European Commission to resolve the concerns it has expressed and provide the clarifications needed to improve its adequacy decision.
Conspicuously lacking were any mention of model contracts, BCRS, enforcement actions or deadlines for the Commission to secure a stronger agreement with U.S. authorities, suggesting that the DPAS were unable to reach a consensus position on these difficult matters. As a result, thousands of companies transferring data to the U.S. face an indefinite period of legal uncertainty and jeopardy that could last for months and longer. While the UK ICO has already indicated that he will continue to give companies still relying upon Safe Harbor a pass, DPAS in Germany, Spain and France are unlikely to be so tolerant.