eDiscovery Daily Blog

• July 14, 2016

As we discussed back in February, the EU-US Privacy Shield, an important new agreement governing the transfer of data between Europe and the United States, was announced on February 2.  Within the same month, the European Commission released details on the new trans-Atlantic data transfer arrangement.  Now, the European Commission has formally adopted the new agreement, only nine months after the old “Safe Harbor” agreement was struck down.

As discussed in The Verge (EU-US Privacy Shield agreement goes into effect, written by Amar Toor), the new data transfer pact went into effect two days ago (July 12), and US companies will be able to certify their compliance as of August 1st.

EU member states formally signed on to the agreement last week, but The Guardian reported that Austria, Slovenia, Bulgaria, and Croatia abstained from the vote. The paper reported that representatives of Austria and Slovenia still had doubts over whether the deal would protect their citizens’ data from US surveillance.

Under the agreement, US companies will have to self-certify that they meet higher data protection standards, and the US Department of Commerce will be charged with conducting “regular reviews” to ensure compliance. The US has also assured EU member states that there will be “clear limitations, safeguards and oversight mechanisms” governing how law enforcement and federal agencies access the data of Europeans, and that bulk data collection would only be carried out “under specific preconditions and needs to be as targeted and focused as possible,” according to the European Commission.

“We have worked hard with all our partners in Europe and in the US to get this deal right and to have it done as soon as possible,” Andrus Ansip, vice president for the European Commission’s Digital Single Market initiative, said in a statement Tuesday. “Data flows between our two continents are essential to our society and economy – we now have a robust framework ensuring these transfers take place in the best and safest conditions.”

But some civil liberties groups are wary of Privacy Shield, questioning whether it will have any meaningful impact on consumer privacy. Privacy International, a London-based watchdog, expressed concerns over the new deal after a leaked version was published online last week, describing it in a post as “an opaque document that will be a field day for law firms.”  “In short: new ‘Shield’, old problems,” Tomaso Falchetta, legal officer at Privacy International, said in an email on Tuesday. “Given the flawed premises – trying to fix data protection deficit in the US by means of government’s assurances as opposed to meaningful legislative reform – it is not surprising that the new Privacy Shield remains full of holes and hence offers limited protection to personal data,” Falchetta added.

Rob Robinson’s Complex Discovery site includes a reference to the story here, which also includes a handy one-page PDF file that summarizes the new EU-US Privacy Shield.

So, what do you think?  Will the new “Privacy Shield” be an effective replacement to the old “Safe Harbor”?  Or will it be doomed to failure as well?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.