European Data Protection Authorities Give Tepid Endorsement of Privacy Shield

The Article 29 Working Party, a body made up of representatives from the data protection authorities from each European Union member state, praised the “improvements” contained in a new data-sharing pact between the European bloc and the United States, but warned they would keep an eye on certain aspects of the deal.

The European Commission adopted Privacy Shield on July 12. The new agreement allows businesses operating in the EU to send data stored overseas back to servers in the U.S., and is seen as vital for companies competing in overseas markets. The previous agreement, Safe Harbor, was struck down in October 2015 after growing European distrust about the U.S. government’s surveillance practices.

Concerns over bulk government surveillance led to some pushback in Europe over securing a new deal and the Article 29 Working Party said “a number of these concerns remain regarding both the commercial aspects and the access by U.S. public authorities to data transferred from the EU,” in a Tuesday statement.

The data protection authorities said it “regrets the lack of concrete assurances” in Privacy Shield that bulk and indiscriminate surveillance won’t take place with Europeans’ information transferred to the U.S., despite assurances from the Office of the Director of National Intelligence that this wouldn’t occur.

The group said they will focus on the annual joint review, where both sides will take a look at how things have gone in the first year and assess any needed changes, to determine the effectiveness of Privacy Shield. It called for the ability to “directly access all the information necessary” to make that call — including sufficient information to evaluate the data collection practices of U.S. law enforcement.

The Computer and Communications Industry Association, a group representing tech groups including Inc. and Google Inc. said they “appreciate the commitment of the Article 29 Working Party to ensuring strong privacy protections in the new data transfer arrangement.”

“Their close examination of the Privacy Shield has helped produce more clarity for companies and citizens alike, and their participation in the joint annual review process is key,” Bijan Madhani, privacy counsel at CCIA, said in a Tuesday statement.

“The Privacy Shield as it stands today is the result of unprecedented cooperation between the European Commission, European DPAs, and the US Government,” Thomas Boué, director of policy for Europe, the Middle East and Africa at BSA — the Software Alliance, said in a statement. BSA represents Apple Inc. and Microsoft Corp.

“We trust that this cooperation will carry on throughout the implementation of Privacy Shield, as well as in the context of the annual review process,” Boué added.