News Archives

Saturday, April 9, 2016

German DPA: Privacy Shield Will Not be Approved by Art 29 WP

Next week is shaping up to be pivotal in the annals of European data protection.  Besides the expected final approval and promulgation of the General Data Protection Regulation, it appears that the week will also see the Article 29 Working Party reject the EU-U.S. Privacy Shield agreement.  According to a leak by the data protection authority of Baden-Württemberg, the Working Party will identify a number of issues that need to be addressed before it will be in a position to reach an overall conclusion on the draft adequacy decision for Privacy Shield prepared by the European Commission.  Less diplomatically and more pointedly, the Working Party was reported to be prepared to turn to the Court of Justice of the European Union if the Commission decides to launch the Privacy Shield program without fixing the problems that have been identified.
There was no mention in the leaked documents of what the regulators plan to do about enforcement actions against companies still relying upon Safe Harbor, during the time that the prospects for Privacy Shield remain in question.  In the absence of serious and significant enforcement actions, however, what incentive is there for the U.S. government to address the deficiencies in Privacy Shield should the Commission decide to continue negotiating?  From the U.S. perspective, a de facto indefinite grace period vis-à-vis enforcement is a desirable outcome.

Bottom line:  companies receiving personal data from Europe are likely to face at the very least an extended period of uncertainty about compliance with European data protection law and quite possibly significant enforcement actions should they continue to rely upon Safe Harbor.

No comments:

Post a Comment