The protracted delivery of a new data sharing agreement between the United States and Europe could be reaching a conclusion.
Advertisement
The acceptance of the deal by member states was announced by the European Commission today, and will be formally adopted on 12 July.
The Data Protection Commissioner has asked the Commercial Court to refer the issue to the European Court of Justice.
Top US companies including Facebook and Google in particular have been eager to end the legal void, because they transfer data from their European subsidiaries to their headquarters in the United States. In addition, if the United Kingdom abides by the results of a recent referendum and pulls out of the European Union, it’s possible that the UK and USA would have to negotiate a separate privacy agreement.
Members of the European Union on Friday approved the final version of the Privacy Shield, a pact between the E.U. and the USA that sets the terms for trans-Atlantic transfers of personal data.
It is widely expected to face legal challenges from privacy advocates, including the activist who brought the original case that led to the termination of the old Safe Harbor deal.
“Both consumers and companies can have full confidence in the new arrangement, which reflects the requirements of the European Court of Justice”.
The Privacy Shield put in place “clear limitations, safeguards and oversight mechanisms” for how data should be protected in the future, said Commissioner Jourova.
Data privacy has grown into a fiercely protected right in the EU, especially in the aftermath of Edward Snowden’s 2013 revelations of mass surveillance carried out by the U.S. – and often targeted at its European allies.
The negotiation process has been drawn out due to public concern around U.S. surveillance, and in April the Article 29 Data Protection Working Party said that the framework lacked clarity and called for a more detailed analysis of many aspects of the agreement. “In the meantime, businesses have to move forward and European customers are increasingly voting with their wallets by signing up with cloud services hosting data in the EU or encrypting data before uploading it to the cloud, thus ensuring data never leaves the EU”. This new agreement, Privacy Shield, is the result of these negotiations.
The European Parliament has also previously expressed concerns about the robustness of the Privacy Shield. “Ultimately the CJEU will have the final say here, and at this stage we can’t predict whether they would uphold the Privacy Shield decision or invalidate it, and if so on what grounds”.
A spokeswoman for the Article WP 29 group told TechCrunch: “The main concern for everyone with the Shield is the need of robustness to avoid re-opening a period of uncertainty for companies, citizens and data protection authorities”.
Advertisement
However, several countries, including Austria, Slovenia, Bulgaria and Croatia abstained amid privacy concerns.
