(European Union) EU Commission Adopted EU-US Privacy Shield #general
Jan Meisels Allen
On 12 July the U.S. and European Union Commission adopted new privacy rules
protecting data shared across the Atlantic, known as the Privacy Shield.
Representatives of the 28 states of the European Union approved the final
version of the Privacy Shield agreement between the United States and the EU
on 8 July. To read the EU Commission press release see:
http://europa.eu/rapid/press-release_IP-16-2461_en.htm (Note: on the press
release there are links to read this in all other EU official languages.)
The Privacy Shield replaces the Safe Harbor agreement that was the 15-year
transatlantic agreement that was invalidated last October by the Court of
Justice of the European Union (CJEU) as a result of a court case against
Facebook brought initially by Austrian Max Schrems through the Irish Data
Privacy Regulator. The CJEU found that the data privacy provisions
protecting data stored in the United States under the safe harbor
agreement did not meet the EU protections. This all arose in the wake of
the Edward Snowden revelations against the(US) National Security Agency in2013.
The agreement is used by about 4,500 companies, this includes all types of
businesses including those involved with genealogy and DNA. Companies will
be able to sign up to the Privacy Shield >from Aug. 1 once they have
implemented any necessary changes to comply with the stricter rules.
Companies such as Microsoft have already announced their support for the new
data transfer agreement. See:
(MODERATOR: http://tinyurl.com/jbum7qx )
New provisions include improvements in the privacy violation resolution
process and the appointment of a new State Department official, and EU-US
Privacy Shield Ombudsman to handle any European complaints. The Ombudsman is
independent and will report to the US Secretary of State. The US has given
the EU assurance that the access of public authorities for law enforcement
and national security is subject to clear limitations, safeguards and
oversight mechanisms.There are multiple avenues for the individual to go
to if the EU citizen believes their data has been misused.
There are still concerns by some in the EU that the new Privacy Shield may
still not meet the requirements by the EU. Those who have expressed concerns
include Max Schrems, and some of members of the Article 29 Working Group
comprised of the data regulators of the 28 EU member countries. The Article
29 Working Group will meet later in July to agree on a common position. To
read more see:
(MODERATOR: http://tinyurl.com/j2x2ns9 )
However,the US believes the new agreement will survive. With new privacy
protections in place, we are confident the framework will withstand further
scrutiny,said U.S. Commerce Secretary Penny Pritzker.
It is possible that further litigation may happen that brings this new agreement
back to the CJEU where they may or may not agree that it meets the EU privacy
standards. It will take several years before such a case may be before the CJEU.
Jan Meisels Allen
Chairperson, IAJGS Public Records Access Monitoring Committee