A recent privacy agreement struck between the U.S. and EU has not gone down very well with privacy groups who are challenging the decision in the Luxembourg-based General Court.
The EU-U.S. pact – dubbed the ‘Privacy Shield’ – was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic the right to transfer personal data from the EU to the U.S.
This was apparently done in accordance with stringent EU data protection requirements. The aim of transferring data between the Atlantic is to support commerce and trade, but there are still data protection concerns.
Safe Harbor Principles
The Privacy Shield agreement could be seen as a ‘consolation prize’, or others may say an alternative, as the EU courts ruled that the previous Safe Harbor Principles were found to be in breach of EU privacy rights. This is because the U.S. surveillance of online data was found to be too intrusive. There may be a greater justification for more intensive surveillance in the U.S. following a string of terrorist attacks. The Safe Harbor Principles permitted a transfer of EU citizens’ data to the U.S., however it’s no longer legally enforceable or recognised as complying with EU data protection laws.
Opposition to the new pact
Although the Privacy Shield Framework has been given the green light from the European Commission, there are still key concerns that remain.
It’s questionable as to why citizens of the EU were not properly consulted about the agreement prior to its enforcement. At the end of the day, it’s our data that both the EU and the U.S. are dealing with…
French privacy interest groups, including privacy advocacy group La Quadrature du Net (a non-profit internet service provider), French Data Network, and its Federation FDN industry association, have challenged the adoption of the agreement. These privacy groups seem to be following Digital Rights Ireland’s steps. The Irish privacy group successfully litigated against the EU Data Retention Directive which compelled all ISPs and telecom companies operating in Europe to collect and retain outgoing and incoming phone numbers, along with other sensitive data such as location data for a span of six months to two years.
This was found to be unconstitutional.
Security of our data
There are also concerns of cyber security. As our data is spread further and across many more organisations, there is a heightened responsibility of these companies to abide by data protection rules and to ensure that our data is secure. It’s reported that more than 500 companies – including Google, Facebook and Microsoft – have signed up to the new agreement.
Are there adequate protections?
There are advocates to suggest that the agreement strengthens privacy protections for EU citizens as they can seek redress through the Ombudsman in the State Department. However, I believe the agreement has caused potential risks for further data hacking. I cannot see how the U.S. Ombudsman are an effective means for redress. With cyber-attacks sharply rising in recent years, and data breaches costing organisations and businesses millions, everyone needs to be more proactive in securing personal data. This is even more the case now that our data is being passed across the Ocean!
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.