Insights European Data Protection Supervisor publishes Opinion on EU US Privacy Shield saying it is “not robust enough”.

In April 2016, the Article 29 Data Protection Working Party issued an Opinion on the Privacy Shield proposal to which the EDPS contributed as a member.  It contained a detailed legal analysis and request for clarification over a number of concerns.  The EDPS Opinion has now been published as part of the EDPS’s role as independent advisor to the EU institutions on the implications of policies that have an impact on the rights to privacy and data protection.

The EDPS says that he appreciates the efforts made to develop a solution to replace Safe Harbour, “but the Privacy Shield as it stands is not robust enough to withstand future legal scrutiny before the Court”.  In the view of the EDPS, “significant improvements are needed” should the European Commission wish to adopt an adequacy decision, to respect key data protection principles with particular regard to necessity, proportionality and redress mechanisms.  Further, he says, a “longer term solution” in the transatlantic dialogue is needed.

For the Privacy Shield to be effective, the Opinion states, it must provide adequate protection against indiscriminate surveillance as well as obligations on oversight, transparency, redress and data protection rights, the Opinion states.

With the new General Data Protection Regulation (GDPR) coming in to force across the EU in May 2018, the EDPS points out that it will be applicable to all data protection related matters, including the transfer of data.  The EDPS urges legislators to “take their time in finding an adequate, long-term solution”.  International companies supplying goods and services in the EU should be absolutely clear about all the rules they must comply with.  To read the EDPS’s press release and for a link to the Opinion, click here.