Privacy Shield, the new data transfer agreement between the U.S. and the European Union, was officially passed in July but it continues to face its fair share of legal challenges and critiques that could derail the trans-Atlantic pact before it ever truly takes off.
A lawsuit originally filed by Digital Rights Ireland (DRI), a digital rights nonprofit, is challenging the efficacy of the protections promised by Privacy Shield. It claims that the agreement, which replaced the longstanding Safe Harbor deal, is still inadequate in protecting citizens’ data and privacy.
DRI is now facing a significant kickback, though. The Irish Times reports the German federal government and the Czech government filed papers lodging their support for the agreement and the European Commission, the EU’s executive branch. The Commission brokered the deal with the U.S. Department of Commerce.
Monday was the deadline for interested parties to lodge their support on either side of the case, which is being filed in the General Court of the European Union, one of the lower courts.
DRI wants the agreement declared “null and void” as it has been a “manifest error of assessment by the commission.”
Privacy Shield took several months to hammer out. In October 2015, the European Court of Justice ruled Safe Harbor invalid, which had been in place for several years. This agreement allowed for companies, such as Facebook or Google, to transfer user data legally across the Atlantic. However, a legal challenge by Austrian lawyer and activist Max Schrems led to the court finding the agreement did not safely protect Europeans from U.S. mass surveillance.
As a result, Privacy Shield was born but privacy advocates and digital rights groups have taken a skeptical view, in some cases dubbing it Safe Harbor just with a different name. They maintain that the deal fails to address mass surveillance.
One of the new provisions made in Privacy Shield is the establishment of a U.S. ombudsman that will investigate alleged abuses of Europeans’ data by the U.S. but the independence and influence of this ombudsman has been called into question. Schrems has said the new agreement won’t stand up to scrutiny in the courts.
Nevertheless, more than 500 companies have signed up to the agreement, which will allow them to transfer data with legal protections, including Microsoft and Cisco.