Privacy Shield is a new agreement between the U.S. and the EU that allows for legally protected data transfers across the Atlantic. It was officially passed by a vote last Friday and is expected to be formally announced tomorrow. It replaces the old agreement Safe Harbor, which was ruled invalid last year by the European Court of Justice in a case taken by Schrems.
The new agreement has been divisive. Schrems told Fortune that he does not expect it will last long. “It’s the same as Safe Harbor with a couple of additions, and it’s going to fail like the one before,” he said.
The main issue with Safe Harbor is U.S. bulk surveillance that impacts EU citizens’ data once it is transferred Stateside. One of the new additions includes an authority that will be set up by the U.S. to investigate any claims by EU citizens over surveillance or data privacy abuse. But critics of Privacy Shield note that these new provisions don’t address surveillance in any meaningful way.
It remains to be seen if the European Court of Justice will allow Privacy Shield to commence or if it will be struck down like its predecessor.
With this uncertainty in mind, Schrems believes that corporations and internet companies will be reluctant to sign up to the agreement immediately, in case it falls apart.
Vera Jourova, the EU’s justice commissioner, thinks otherwise, stating last week that Privacy Shield has “ruled out indiscriminate mass surveillance of European citizens’ data”.
She has one major supporter already — Microsoft. John Frank, the company’s vice president of EU government affairs, wrote that the agreement was an “important achievement for the privacy rights” or Europeans and that Microsoft will be signing up ASAP.
Jourova reiterated at a parliamentary hearing today that Privacy Shield comes with a suspension clause that can be triggered if U.S. companies or the government do not keep up their end of the arrangement. Privacy Shield will be also subject to an annual review, which will give critics an opportunity to voice concerns.
Last week four countries – Austria, Bulgaria, Croatia, and Slovenia – abstained from the vote. According to Jourova, the countries are willing to give the agreement a year but are keen to reassess it.
This approach too has been criticized. David Martin Ruiz, a digital policy lawyer in Brussels, tweeted that the general attitude toward the agreement is to just give it a chance rather than work out a new agreement now.
Editors' Recommendations
- Privacy is becoming obsolete, but not everyone thinks you should fear its demise
- Will U.S. government force Facebook to decrypt Messenger?
- Privacy-focused browser Brave sues Google, claims breach of Europe’s GDPR rules
- Powerful data privacy legislation drafted by Democratic senator from Oregon
- The best VPNs for Android
