Safe Harbour, the agreement between the USA and the EU allowing the transfer of personal data to the USA, was challenged in the European court and whilst it is never wise to précis a legal decision, in essence it said the USA did not have equivalent protection for personal data to that in the EU. Whilst this had a significant effect on international email marketing companies, it had a massive general effect on international American companies.
The Article 29 Working Party was given the deadline of 31 January to come up with its replacement. As a writer I’m never going to support a deadline, but satisfying both the USA’s desire to check everyone’s data with the EU’s requirement for privacy was never going to be easy. Some suggested it would take much longer to arrive at a workable solution.
It seems they were correct. Whilst the press release only missed the deadline by two days, the full proposal is promised by the end of February.
The problem for the USA is the Foreign Intelligence Surveillance Act which gives overarching powers to check data coming into the country with limited oversight. For ten years or so it has, it was revealed, been doing so on a whim. A law student, Hanff, took Safe Harbour to the European Court and stopped it.
The Working Party has given us the bare bones of Privacy Shield. The press release suggested it was the solution to the problem but many commentators think otherwise.
Hanff petitioned the Working Party not to “entertain the notion that such an agreement [Privacy Shield] is either legally secure or honest.” With regards legally secure, what the Privacy Shield offers is ‘written assurances’ rather than legal protection. You have to ask yourself the value of a written assurance signed by a president who will be replaced in nine months.
There is the offer of an ombudsman but without legislative backing will lack authority.
Whilst we await the full proposals at the end of the month, the published basis of the Privacy Shield suggests that it is unlikely to settle the concerns of the EU court with regards the safety of data.