EU-US Privacy Shield formally comes into effect, but will it be effective?

12 Jul 2016

Privacy Shield has been formally adopted, but will legal uncertainty among businesses lead to its early demise?

Up to $250bn worth of transatlantic digital services have been underpinned by the formal adoption of the EU-US Privacy Shield by the European Commission today (12 July). But will legal uncertainty about Privacy Shield hold businesses back?

The formal adoption of the replacement for Safe Harbour is calculated to bring to an end nine months of uncertainty and will place stricter obligations on US companies like Facebook, Microsoft and Google to protect the personal data of EU citizens.

Safe Harbour was declared invalid by the European Court of Justice last October, the culmination of a long-running legal battle instigated by Austrian privacy activist Max Schrems.

‘It’s the same as Safe Harbour with a couple of additions, and it’s going to fail like the one before. It’s better than Safe Harbour, obviously, but far from what the European Court of Justice has asked for’

US Secretary of Commerce Penny Pritzker said that the new Privacy Shield is a milestone for privacy and is a framework that creates certainty.

“The EU-US Privacy Shield is a robust new system to protect the personal data of Europeans and ensure legal certainty for businesses,” said Věra Jourová, European Commissioner for Justice, Consumers and Gender Equality.

“It brings stronger data protection standards that are better enforced, safeguards on government access, and easier redress for individuals in case of complaints. The new framework will restore the trust of consumers when their data is transferred across the Atlantic. We have worked together with the European data protection authorities, the European Parliament, the member states and our US counterparts to put in place an arrangement with the highest standards to protect Europeans’ personal data.”

The formal adoption of Privacy Shield was welcomed by Ireland’s Minister of State for European Affairs, EU Digital Single Market and Data Protection, Dara Murphy, TD.

“Having a sustainable framework in place for the lawful, safe and secure transatlantic transfer of data is absolutely critical for society and the economy in this digital age,” Murphy said.

“Secure data flows allow citizens to have trust and confidence in the digital environment and to take advantage of the benefits of technology and innovative digital services in their lives.”

“Throughout the negotiations on the Privacy Shield, I have been encouraging both the EU and US sides to conclude an agreement that is sustainable and fully respects the concerns of the European Court of Justice on the fundamental right of individuals to the protection of their personal data.”

Legal uncertainty could make Privacy Shield indefensible

But not everyone agrees that the EU-US Privacy Shield respects the concerns of the European Court of Justice.

According to a report in Fortune, Max Schrems has little faith in Privacy Shield and has forecast its demise. He has warned that legal uncertainty around the pact will prevent businesses from signing up to it.

“It’s the same as Safe Harbour with a couple of additions, and it’s going to fail like the one before,” Schrems said.

“It’s better than Safe Harbour, obviously, but far from what the European Court of Justice has asked for.”

Privacy Shield is currently being analysed and scrutinised by the influential Article 29 Working Party, which will provide its verdict on 25 July.

Businesses will be able to start the self-certification process for Privacy Shield from 1 August.  It will be interesting to see if Schrems’ prediction comes true.

EU-US image via Shutterstock


John Kennedy is a journalist who served as editor of Silicon Republic for 17 years