Here are the developments:
- At the end of April, the U.S. Supreme Court unilaterally amended Rule 41 of the Federal Rule of Criminal Procedure to allow judges to sign warrants allowing federal authorities to hack into computers outside a judge's jurisdiction as part of a criminal investigation and to use one warrant to search multiple computers anywhere. This massive new surveillance capability will come into effect on December 1, unless Congress takes it up before then and votes it down. At a time when the EU has been pressing the U.S. to limit indiscriminate surveillance of its citizens, the new rule clearly bolsters the arguments of European critics about the unreliability of legal protections in the U.S. and could prove to be the nail in the coffin of any new data transfer agreement.
- On May 19, the Article 31 Committee, comprised of ministerial representatives of each of the EU’s 28 member states, met and failed to reach an agreement on the Privacy Shield. The Committee, whose approval is needed if Privacy Shield is to go forward, concluded that more time was needed to consider the implications of the proposal. A qualified majority, or 16 member states representing at least 65% of the EU’s population, must approve the pact.
- On May 23, an open letter from ministers in 14 member states was released, calling for more flexibility for businesses with respect to data protection. A quick check of the population of the signatory countries - Belgium, Bulgaria, Czech Republic, Denmark, Estonia, Finland, Ireland, Latvia, Luxembourg, Lithuania, Poland, Slovenia, Sweden and the UK – reveals that they comprise only 33% of the EU’s population. Achieving the approval of the Article 31 Committee for Privacy Shield appears most unlikely.
- On May 26, the European Parliament approved a resolution calling for the European Commission to reopen negotiations with the U.S. and to fully implement the recommendations of the Article 29 Working Party. The non-binding act was approved by 77% of the MEPs (501 votes to 119, with 31 abstentions).
- On May 30, Giovanni Buttarelli, Europe’s top data protection advisor, slammed the proposed agreement as being “not robust enough to withstand future legal scrutiny before the Court” and called for significant improvements in it. He also argued that the Privacy Shield would be only a short term solution, since it is not compliant with the General Data Protection Regulation, which will enter into force in May 2018.