EU wants easier complaints in Privacy Shield deal with US
European Union officials want more people to complaint about Privacy Shield, the exemption to European Union data protection law that allows businesses to export personal information to the US for processing.
Businesses making billions of dollars’ worth of transatlantic data transfers are believed to rely on Privacy Shield, which was introduced last year to replace the Safe Harbour Agreement overturned by the European Court of Justice in 2015.
Its provisions include procedures for EU citizens concerned about US companies’ treatment of their personal information to complain to the company concerned, a dispute resolution body, or data protection authorities in the US or in their home country.
But one year into the agreement, “There have been practically no complaints” even though the personal information of tens or hundreds of millions of people has been transferred to the US, said European Commissioner for Justice Věra Jourová.
Some might consider that a good sign, but Jourová warned: “We should not be complacent. It may be that people lack information about how to complain.”
Jourová was presenting the European Commission’s first annual review of US authorities’ compliance with Privacy Shield’s requirements. The report will now be sent to the EU’s Parliament and Council, the so-called Article 29 Working Group of European data protection agencies, and to US authorities.
The report calls for the US Dept. of Commerce to improve its monitoring of companies’ compliance with Privacy Shield requirements.
Jourová recognised that compliance monitoring had had to take a back seat to the registration of new companies during the first year, but said this needed to change.
She also called for the Commerce Dept. to seek out companies making false claims about their compliance.
Regarding the small number of complaints received from citizens, Jourová encouraged national data protection authorities to publicise the options open to European citizens to lodge complaints and defend their own data.
There is one area in which complaints cannot yet be processed: the US is supposed to appoint a permanent Privacy Shield Ombudsperson to deal with requests from EU citizens regarding access to their data by US security agencies. One year on, the post is still vacant, as are four of the five seats on the US Privacy and Civil Liberties Oversight Board. Jourová called for these posts to be filled as soon as possible.
Overall, though, Jourová was positive about the future of Privacy Shield. Although it might still face a legal challenge similar to the one that brought down the Safe Harbour Agreement, she said she is confident it will withstand court scrutiny.
And the election of a new US president—and with him the arrival of a new US administration—in the year since Privacy Shield was introduced is not causing problems, according to Jourová.
“I had a very good relationship with the people negotiating Privacy Shield on President Obama’s administration. I have wondered whether we can continue based on this spirit of trust,” she said.
After two meetings with US Secretary of Commerce Wilbur Ross, though, “I am positive about the approach of the American administration. My second visit dispelled my doubts about whether America First means America Only, which would be bad news for the EU,” she said.
IDG News Service