Privacy Shield dented amid further setbacks in data talks

Businesses face ongoing uncertainty over the transfer of European data to the US, after officials have again failed to reach agreement on the Safe Harbour 2.0 deal.

European officials sitting on the Article 31 committee, which contains representatives from member states and is chaired by a European Commission official, reportedly concluded they need more time to consider the agreement, otherwise known as the Privacy Shield.

More Time

The development comes after European Data Protection Authorities (the so called “Article 29 Working Party” or WP29) – composed of watchdogs from influential member states – failed to give their blessing to the deal.

The WP29 said the proposed Privacy Shield was inadequate in a number of key areas, and that exceptions to allow the US to carry out mass surveillance of EU citizens were “not acceptable.”

And now, after that watchdog rejection, the proposed deal has been hit with another setback after the Article 31 committee concluded that more time was needed to consider the implications of the proposal.

Unlike the WP29, whose opinion is not legally binding and which has no powers to block the new deal, the Article 31 committee does have the power to scupper the proposed Privacy Shield entirely.

It is understood that the Article 31 group is seeking to incorporate a number of recommendations by the data protection authorities (WP29) into any proposed agreement.

The committee has to make a decision by June by voting. If it fails to reach a majority consensus, the group can either drop the proposed agreement, submit a revised draft, or appeal the outcome of the vote.

Of the three options, submitting a revised draft of the Privacy Shield seems the more likely option.

Ongoing Uncertainty

The proposed transatlantic Privacy Shield was finally agreed in early February to replace the previous Safe Harbour legislation. That original data sharing deal with the US was ruled invalid by Europe’s top court on 6 October last year.

The proposed replacement is designed to help firms on both sides of the Atlantic to move the personal data of European citizens to the US without breaking strict EU data transfer rules. The European Commission (EC) published the details of the deal in late February.

But Europeans are concerned about the independence of a new US privacy ombudsman, and are seeking more reassurance over US surveillance practices.

Unfortunately, this delay prolongs the climate of regulatory uncertainty for businesses and places unnecessary strain on the digital economy.

Businesses are concerned that the lack of an agreement could result in them potentially facing legal action over data transfers to the US.