European Parliament issues Privacy Shield suspension threat13th July 2018
The EU-US Privacy Shield was designed by the US Department of Commerce and the European Commission.
Its aim is to provide companies on both sides of the Atlantic with “a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce”.
It has been in place since July 2016, however, it has now hit a stumbling block. MEP’s have stated that due to a number of issues, they believe that the Privacy Shield is now not compliant with the latest EU data protection legislation.
On the 4th July the European Parliament debated the future of the Privacy Shield deal and although their resolution is non-binding, Parliament voted for its suspension unless it is “fully compliant” by 1st September 2018.
In addition to bringing the Privacy Shield in line with GDPR, the committee are also asking for the US Department of Commerce to carry out more proactive and regular compliance checks. Companies can self-certify that they comply with Privacy Shield – the committee want this monitoring more closely.
Facebook certify that they handle data in line with Privacy Shield and they are set to be fined £500,000 by the ICO for their handling of data during the Brexit referendum. This has not helped the credibility of Privacy Shield.
“This resolution makes clear that the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter. Progress has been made to improve on the Safe Harbor agreement [the predecessor to Privacy Shield] but this is insufficient to ensure the legal certainty required for the transfer of personal data. The law is clear and, as set out in the GDPR, if the agreement is not adequate, and if the US authorities fail to comply with its terms, then it must be suspended until they do.” British MEP Claude Moraes [Chair of the Civil Liberties Committee].
Concerns have been raised as to whether the 1st September 2018 is a realistic deadline and as this resolution is non-binding, so the European Commission may choose to ignore it.
3,000 companies are registered as compliant with Privacy Shield. They like us, I am sure, will watch the situation unfold with interest.
Here at Griffin House Consultancy, we keep abreast of all of the latest data protection news. If you require any further information, get in touch today on 01673 885533 or email us at [email protected].
You can also sign up to our eBulletin for the latest developments in data protection, information governance and compliance.