Just as the Article 29 Working Party (WP29) determined in April, the European Data Protection Supervisor (EDPS) Giovanni Buttarelli has also concluded that there’s more work to be done on the EU-U.S. Privacy Shield.
In a press release, the EDPS called the pact, intended as a replacement for Safe Harbor and providing protection of EU citizens’ data when in the United States, as “not robust enough to withstand future legal scrutiny before the Court.” Like the WP29, the EDPS noted that “significant improvements” are necessary. He also called for a “longer term solution” and urged legislators not to rush but to take their time in finding an adequate, long-term solution.
In order for the Privacy Shield to be effective, the EDPS identified that it “must provide adequate protection against indiscriminate surveillance as well as obligations on oversight, transparency, redress and data protection rights.”
The EDPS’ 16-page report provides a very specific path for addressing the Privacy Shield concerns, which include integrating all main data principles, limiting derogations, improving redress and oversight mechanisms as well as provisions on transfers for commercial purposes.
For added emphasis comes Buttarelli’s blog, highlighting the EDPS- EAG workshop that’s underway. Posted a day after he shared his opinion on the Privacy Shield, the blog is titled, “Big Brother, Big Data and Ethics.” He states:
“So I’m proud that we’re initiating a worldwide debate on how to ensure the integrity of our values while embracing the benefits of new technologies.”
The Privacy Shield work and debate continue. For more details on the Safe Harbor replacement including best practices for e-discovery during this unknown period, download our After Safe Harbor white paper.