Leaked information casts doubt on Privacy Shield

News by Max Metzger

Leaked information from the working group reviewing Privacy shield highlights scepticism from within the EU about whether the new privacy regime goes far enough

Leaked information has shed poor light on incoming European privacy legislation. In fact, that new leaked information suggests that the working group for Privacy Shield will reject Europe's new privacy regime in its current form.

The document, originally published in German, was first found by Dr Carlos Piltz, a lawyer and privacy expert, who printed two extracts on his blog.

The extracts say that until certain issues are addressed, the working group “considers it is not in a position to reach an overall conclusion on the draft adequacy decision. It stresses that some of the clarifications and concerns – in particular relating to national security – may also impact the viability of the other transfer tools.”

“Therefore,” the extract says, the working group “is not yet in a position to confirm that the current draft adequacy decision does, indeed, ensure a level of protection that is essentially equivalent to that in the EU.”

That might seem troubling, especially as the group is on deadline to give an opinion on Privacy Shield this week. That said, the working group's decisions are not binding so a statement that Privacy Shield is not up to scratch will not necessarily result in a rejection of the whole regime.

If, however, the regime's many critics from both in and outside of the EU still find it wanting, a return to the European Court of Justice (ECJ) risks the same fate as the regime it was designed to replace.

“The leaked extracts from Article 29 Working Party's upcoming assessment of the EU-US Privacy Shield replacement for Safe Harbour suggests the agreement, in its current form, is an excellent example of rushed policymaking,” Rick Orloff, CSO at Code42 told SCMagazineUK.com.

He added, “With the finalised agreement, it is sure to have significant economic impact, it needs to be right first time, and needs to be agreed upon from both sides of the transatlantic table, including all regulators and intermediary bodies."

Privacy Shield was constructed as a replacement for Safe Harbour, the privacy regime that governed data flows from Europe where privacy laws are traditionally strong to other parts of the world where privacy is weaker

Safe Harbour was struck down after 15 years when European courts said that European data was not safe in America due to widespread domestic surveillance programmes.  

At the centre of Privacy Shield is the question of bulk collection. Just last month, Tiina Astola, deputy director-general of the Directorate-Generale of Justice and Consumers for the European Commission, told the European Parliament that Europe had “clear and unprecedented written assurance” that access to European individuals' data in the US will only be used as needed by security services.

Much of Europe, not to mention the European Union seems outright hostile to bulk collection. Today, the ECJ will hear a legal challenge brought my UK MPs Tom Watson and David Davis. The emergency hearing will raise issues over the legality of bulk collection and whether such a practice is consistent with the European Convention on Human Rights (ECHR) which overrides much sovereign legislation.  


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews