Apr 172017

EU Lawmakers Say That Privacy Shield Deficiencies Must Be Fixed Urgently

Colleen Theresa Brown, William RM Long and Thomas Fearon
, , , ,

On 6th April, 2017, the European Parliament adopted a resolution stating that there are deficiencies in the EU-US data transfer accord Privacy Shield which must be “urgently resolved” in order to give citizens and companies legal certainty. MEPs called on the EU Commission to conduct an assessment and to ensure that the Privacy Shield complies sufficiently with the EU Charter of Fundamental Rights and new EU data protection rules.  According to the resolution or related press release, MEPs are particularly concerned about:

  • “[R]ecent revelations about surveillance activities conducted by a US electronic communications service provider on all emails reaching its servers, upon request of the National Security Agency (NSA) and the FBI, as late as 2015, i.e. one year after Presidential Policy Directive 28 was adopted…”;
  • “[T]he ‘Procedures for the Availability or Dissemination of Raw Signals Intelligence Information by the National Security Agency under Section 2.3 of Executive Order 12333’, approved by the Attorney General on 3 January 2017, [which the MEPs interpret to permit] the NSA to share vast amounts of private data gathered without warrants, court orders or congressional authorisation with 16 other agencies”;
  • That the Ombudsperson mechanism set up by the US Department of State is “not sufficiently independent and is not vested with sufficient effective powers to carry out its duties and provide effective redress”;
  • The MEPs perceived lack of “effective judicial redress rights for individuals in the EU whose personal data are transferred to a US organization under the Privacy Shield Principles and further accessed and processed by US public authorities for law enforcement and public interest purposes,” in either the Privacy Shield Principles or letters from the US administration;
  • The rejection, in March, of the FCC Broadband Privacy Rules to heighten protections for the privacy of broadband customers; and
  • The purportedly diminishing authority of the Privacy and Civil Liberties Oversight Board.

The adoption of this resolution follows comments by the EU Justice Commissioner, Vera Jourova, at the end of March 2017, whereby she told Bloomberg that the US must, if it wishes to keep a European Union-U.S. cross border data transfer program in place, satisfy the EU that it will continue to be faithful to appropriate limitations on surveillance and privacy protection policies. Jourova, who stated that “privacy is valued highly and in a different way [in EU countries] than in the U.S.” has also said that, President Donald Trump “understands the economic importance” of the Privacy Shield and that there has been little reason to date “to doubt the commitment of the new government.”

Colleen Theresa Brown

Washington, D.C.

cbrown@sidley.com

William RM Long

London

wlong@sidley.com

Thomas Fearon

tfearon@sidley.com

You might also like
UK GDPR Reform Is Back! Department of Science, Innovation and Technology Introduces New Data Protection and Digital Information Bill

On 8 March 2023, the newly created Department of Science, Innovation and Technology (“DSIT”) introduced the Data Protection and Digital Information (No. 2) Bill. The “Bill” is in substance a re-introduction of the previous Data Protection and Digital Information Bill which was withdrawn from Parliament on the same day as the new Bill was published. The Bill, which has been hailed by the UK Government as one that will “save billions” and “cut down pointless paperwork” is the UK’s latest attempt to create a more streamlined piece of data protection legislation for the UK whilst still “ensur[ing] data adequacy.” The Information Commissioner’s Office (“ICO”) also welcomed the re-introduction of the Bill, with the Commissioner stating that he would “support [the Bill’s] ambition.” While much of the Bill remains the same as its previous iteration, we set out the key provisions and notable amendments below.

Biden Administration Announces National Cybersecurity Strategy

On March 1, 2023, the Biden administration announced its long-awaited National Cybersecurity Strategy. The strategy is part of the administration’s efforts to bolster and modernize public and private responses to cybersecurity threats.

UK’s New Pro-innovation Approach to Regulating Digital Technologies

On 15 March 2023, the UK Government published, alongside its Spring Budget, a report on the Pro-innovation Regulation of Technologies Review (the “Report”). The Report was led by the government’s Chief Scientific Advisor and National Technology Officer, Sir Patrick Vallance, who was tasked with “bringing together the best minds to advise how the UK can better regulate emerging technologies, enabling their rapid and safe introduction.” In response, the UK Government has accepted all of the Report’s recommendations, and set out some next steps for their implementation.