With Europe seeking to ensure Washington has lived up to its promises to protect the data of European citizens stored on U.S. servers, a pact underpinning billions of dollars of transatlantic data transfers will undergo its first annual review.
The EU-U.S. Privacy Shield data pact has been in place for just over a year and after revelations of mass U.S. surveillance four years ago, the transatlantic relations had sourced and this pact is feted as a milestone in that relation.
Everyday cross-border data transfers were plunged into a legal limbo after European Union’s top court struck down a previous data transfer pact in 2015 because it allowed U.S. spies excessive access to people’s data, and this pact was hammered out after that incident.
While the EU data protection watchdogs have also expressed misgivings, based on the grounds that it does not offer adequate privacy protections for European citizens’ data, it is already subject to two legal challenges in European courts.
In order to ensure it is functioning well and that the U.S. administration is keeping its part of the deal, the first annual review taking place on Monday and Tuesday will be an opportunity for the European Commission, which negotiated the Privacy Shield.
“My expectation is that we will find Privacy Shield functioning, we might find some space or room for improvement,” Vera Jourova, EU Justice Commissioner, said in an interview.
Including through a new privacy ombudsman within the State Department who will deal with complaints from EU citizens about U.S. spying, EU citizens are given greater means to seek redress in case of disputes, and therefore the Privacy Shield seeks to strengthen the protection of Europeans whose data is moved to U.S. servers.
However, under the new U.S. administration, a new ombudsman has not been yet appointed. This is something that Jourova said she will push for.
Tough EU data protection rules forbid companies from transferring personal data to countries deemed to have inadequate privacy protections unless they have special legal contracts in place and therefore companies wanting to transfer Europeans’ personal data outside the bloc have to comply with such EU rules.
Without relying on such contracts, known as model clauses, which are more cumbersome and expensive. the Privacy Shield allows firms to move data across the Atlantic.
Including the likes of Alphabet Inc’s Google, Facebook and Microsoft, over 2,400 companies are signed up to the scheme.
“Virtually every transaction in the trillion-euro transatlantic trade relationship, from the movement of services and capital to the movement of goods and people, heavily relies on the transfer of data between the EU and U.S.,” said Thomas Boue, Director General, Policy, EMEA for BSA, which represents the likes of Apple, Microsoft and IBM.
Figures for how many requests for people’s data companies had received from U.S. authorities is also being sought to be found out by the Commission.
“The million dollar question was how many times they were asked by the national secret service,” Jourova said. “This is of big relevance for assessing whether Privacy Shield is successful.”
The Commission will produce a report with its conclusions on the review of the Privacy Shield in October.
(Adapted from Reuters)