Privacy Shield, the data transfer agreement between the United States and the European Union, is facing its first major legal challenge, which argues it does not provide adequate privacy protections.
Irish privacy advocates Digital Rights Ireland is taking legal action in the European Court of Justice’s General Court, less than two months after Privacy Shield was officially put in place.
Digital Rights Ireland has not commented to the action but Reuters reports that, according to a General Court spokesperson, the group is seeking the annulment of the agreement. However, we shouldn’t expect any major changes to Privacy Shield yet, as it will be at least a year before a decision is made.
A spokesperson for the European Commission said it was aware of the challenge being filed. He declined to comment further on ongoing legal action but defended Privacy Shield.
“As we have said from the beginning, the Commission is convinced that the Privacy Shield will live up to the requirements set out by the European Court of Justice which has been the basis for the negotiations.”
The U.S. Department of Commerce, which was involved in negotiating the deal, also defended it as having “critical privacy protections”.
Privacy Shield was first developed earlier this year as a replacement for Safe Harbor, the original data transfer agreement that was struck down last year by the European Court of Justice for failing to provide EU citizens with safeguards from U.S. mass surveillance.
Critics of Privacy Shield have said that the new agreement is not much different. Max Schrems, the Austrian lawyer that led the action against Safe Harbor, stated that the new mechanism would not stand up to legal scrutiny.
Digital Rights Ireland is taking advantage of a legal note that allows anyone to challenge the validity of an EU act within two months of it passing.