EU-US (not quite enough) Privacy Shield

The EU-US Privacy Shield agreement is due to replace Safe Harbour. The agreement is intended to give Europeans a level of protection against exploitation of their personal information, but because its basic premise is that American companies self-certify their compliance with the agreement, many Europeans have a right to be skeptical.

There was great hope that the self-certification elements of the old Safe Harbour agreement would be dropped in favour of an audit and assessment carried out by the EU, but in the proposal to date, it looks like any audit of a self-certification would have to be done jointly between the EU, the ombudsman and the US FTC. That is not an easy task, and it is likely to put off all but the largest cases of breach or compromise of personal European information.

The ombudsman also appears to be at odds with the fears of EU citizens, as it is part of the US FTC. Europeans have a right to be suspicious of US abuses of personal information, especially as US companies are used to getting access to virtually any information they like. Personal protection within the US is a world away from the expectations of the average European.

It is difficult to see how any European could feel comfortable with the agreement as it stands; that said, it is better than nothing and starts the dialogue going in the right direction. In 2018 the hope is that a further renegotiation will place more accountability on US firms, with obligations that can be independently audited.

If in June the Privacy Shield is not enacted by the EU member states, we may find ourselves in limbo, with no protection at all, but in a strong position to negotiate something that closely aligns to the needs of European citizens.

The elephant in the room, though, is what will happen if the UK leaves the EU in #brexit – will we have to negotiate multiple agreements or risk movement of core chunks of the service industry to EU data centres?