The Privacy Shield has been in place since August 2016. However, compliance with the framework has been discussed since then again and again. Now, the EU has warned the US that it is about time to comply with the shield before its next review in October.
The Privacy Shield
The Privacy Shield came into force in 2016 and is a framework which makes personal data transfers from the EU to the US legitimate – as long as the company receiving the data shows an ‘appropriate data protection standard’ by taking part in the ‘shield’.
The official website says
The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.
Warning of EU
Brussels now has warned the Trump administration it has three months to comply with the requirements of the privacy shield. One of those is to appoint an ombudsperson. According to the Financial Times, Vera Jourova, the EU’s commissioner for justice, has written to Wilbur Ross, US commerce secretary, complaining that the White House has failed to appoint senior personnel to oversee the “ Privacy Shield” deal.
“Now that the new state secretary is in office and we are almost two years into the term of this administration, the European stakeholders find little reason for the delay in the nomination of a political appointee for this position.”
In June this year, MEPs on the civil liberties committee (LIBE) have already warned that a number of issues of the Privacy Shield are still not resolved, as the register has reported.
Claude Moraes, chair of LIBE, then said:
“While progress has been made to improve on the Safe Harbor agreement, the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter. It is therefore up to the US authorities to effectively follow the terms of the agreement and for the Commission to take measures to ensure that it will fully comply with the [General Data Protection Regulation].”
Facebook and Cambridge Analytica certified
What has also been discussed and criticized, is the fact that Facebook and Cambridge Analytica are both Privacy Shield certified. Both companies are part of one of the biggest data protection scandals this year. Thus, it has been demanded that the privacy shield certifications of Facebook and Cambridge Analytica should be assessed and – if necessary – the companies should be removed from the Privacy Shield list.
Review of Privacy Shield in October
The Privacy Shield is due for its second review from the European Commission in October. The agreement can be revoked if the US administration is not fulfilling the requirements. And the privacy world will need a new framework for data transfers between EU and US again…