News Archives

Friday, March 24, 2017

Privacy Shield Update: EU Parliament Restive, No Complaints

On March 23, the EU Parliament’s civil liberties, justice and home affairs committee (LIBE) passed a resolution declaring Privacy Shield to be inadequate and calling upon the European Commission to examine the following deficiencies when it carries out its first annual review this summer:
  • Continued U.S. bulk surveillance of Europeans, in violation of the Schrems ruling by the CJEU
  • The viability of redress mechanisms, which are all U.S.-based
  • The lack of an independent oversight by the U.S. ombudsman 
  • Data retention provisions
The resolution includes explicit references to Yahoo’s October 2017 admission that it created software at the request of the NSA to scan users’ email and the decision of the Obama administration to share raw SIGINT data with 16 other agencies without court order.

The vote by the LIBE committee passed by a narrow margin of 29 to 25.  The resolution is expected to be taken up by the full EU Parliament during the first week of April.

Earlier, the U.S. Dept. of Commerce administrator for the Privacy Shield framework, Catlin Fennessy, stated at a recent IAPP seminar in London that over 1800 companies had certified compliance with the Privacy Shield framework, with another 300 companies in the pipeline. Confirming an earlier analysis by HR Privacy Solutions, Fennessy reported that participants are largely small-to-medium-sized enterprises, with some 70% having fewer than 500 employees.  In addition, participants are heavily slanted towards the technology and consulting sectors.  Perhaps most significantly, no complaints about Privacy Shield from data subjects have reached the FTC, the Commerce Department or the special arbitration mechanism set up as a last-resort option.

No comments:

Post a Comment