European nations approve EU-US Privacy Shield

8 Jul 2016

European countries strongly support the new EU-US Privacy Shield

European countries have given their strong support to the EU-US Privacy Shield, which places clear obligations on companies handling data that belongs to EU citizens.

The European Commission’s Justice Commissioner Věra Jourová said that member states have given “strong support” to the Privacy Shield.

Privacy Shield replaces the previous accord, called Safe Harbour, which was declared invalid by the European Court of Justice last October.

The demise of Safe Harbour came after a high-profile case by Max Schrems that exposed shortcomings in how tech firms protected EU citizens’ private information.

Its fate was sealed when Edward Snowden made his famous revelations about spying on Europeans’ data by the NSA.

Commissioner Jourová said that the strong approval by EU countries paves the way for the formal adoption of the legal texts and for getting the EU-US Privacy Shield up and running.

“The EU-US Privacy Shield will ensure a high level of protection for individuals and legal certainty for business,” Jourová said in a statement.

“It is fundamentally different from the old ‘Safe Harbour’: It imposes clear and strong obligations on companies handling the data and makes sure that these rules are followed and enforced in practice.

“For the first time, the US has given the EU written assurance that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms and has ruled out indiscriminate mass surveillance of European citizens’ data.

“And last but not least the Privacy Shield protects fundamental rights and provides for several accessible and affordable redress mechanisms,” Jourová added.

Final wording of EU-US Privacy Shield may be influenced by court case in Ireland

One fly in the ointment for the EU, however, is a High Court case taking place in Dublin regarding a decision by the Data Protection Commissioner on EU-US data transfer channels.

Data Protection Commissioner Helen Dixon had found that EU-US data transfer channels used by Facebook are invalid because of inadequate US legal protection for EU citizens’ privacy rights.

The case could go on to the Court of Justice of the European Union to determine the legality of Standard Contractual Clauses (SCCs) that govern daily EU-US data transfers.

The outcome of the case could determine the final wording of the EU-US Privacy Shield.

European Commission image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years