European Commission publishes provisional text Privacy Shield Agreement




The European Commission adopted the draft text of the Privacy Shield agreement, which follows the Safe Harbour scheme made available. The text includes new rules for businesses and ensure that access to data by the US government remains limited.

Eu US Privacy Shield Max Schrems, which ensured that the Safe Harbour scheme was exposed in 2015, was critical of the new Privacy Shield. So claims the European Commission that there is no longer the bulk collection of information by the US Schrems notes however that the rule designates six cases in which this collection is allowed. For example, when it comes to counter-terrorism, cyber security and international crime.

This according to him is diametrically contrary to the requirements of the European Court of Justice has held in the Safe Harbour statement. Schrems is therefore of the opinion that the new rules are an attempt “to breathe new life Safe Harbour ‘and the rules’ directly lead back to Luxembourg. By that he means that the new regime will probably soon be brought before the European Court in Luxembourg.

Under the new rules, companies must agree to “privacy principles” through a self-certification process, which is also part of the old Safe Harbour scheme. This process must be repeated annually and should cause companies adhere to the rules. The US Department of Economic Affairs is by checking the privacy requirements of the companies correspond to the aforementioned principles. The Privacy Shield agreement itself will be reviewed annually.

One of these principles is the ‘choice’ principle, whereby individuals the possibility for an opt-out for certain types of data. Under the Privacy Shield is only possible to use them if they want to prevent data from being disclosed to third parties or when personal data are processed for an entirely different purpose than that for which they were collected. Schrems notes thereto that these two cases are only a small part of the possible processing operations.

Citizens have the opportunity to lodge a complaint with the companies that process their personal data. These companies have than 45 days, the time to respond to such a complaint. There is also a possibility to make free use of alternative methods of dispute resolution. Should there still be no solution, it is possible to let the complaint dissolve via the national privacy regulators. As an ultimate resort, it is possible to submit a complaint to the Privacy Shield panel, which then comes up with a binding decision. This panel consists of one or three independent arbitrators who may be chosen by the parties from a group of at least twenty people.

A striking point that Schrems this call is that national data protection authorities can decide according to the new rules that a company should stop the export of data. They can do so on if they feel that there is not an adequate level of data protection available.

In terms of American national security are clear limits and restrictions placed on access to information through investigation and security. Citizens may address complaints or conflicts to an ombudsman. It then looks at whether appropriate US legal safeguards are respected and ensure that appropriate action be taken if this is not so.

Representatives of the EU Member States and the consultation of the national data protection authorities, the Article 29 Working Party, adopt the draft text of the Privacy Shield Agreement under scrutiny in the period ahead. Thereafter, the final text is adopted.


In: A Technology & Gadgets Asked By: [21980 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »

Star Points Scale

Earn points for Asking and Answering Questions!

Grey Sta Levelr [1 - 25 Grey Star Level]
Green Star Level [26 - 50 Green Star Level]
Blue Star Level [51 - 500 Blue Star Level]
Orange Star Level [501 - 5000 Orange Star Level]
Red Star Level [5001 - 25000 Red Star Level]
Black Star Level [25001+ Black Star Level]