The European Commission has given Europe a lesson on how not to negotiate. This isn’t a good deal, it hardly deserves to be called a ‘deal’ of any kind.
, said Joe McNamee, Executive Director of European Digital Rights (EDRi).
- Under the 1995 Data Protection Directive, personal data can only be exported outside the EU in certain circumstances. One of these circumstances is an adequate level of data protection being provided by the recipient country, which the Court of Justice of the European Union defined as needing to have procedures that are “essentially equivalent” to the EU’s level of protection.
- As the US is an important business partner and as the US does not have comprehensive data protection legislation, negotiations led to the launch of an arrangement called ‘Safe Harbour” being agreed in 2000. Under this system, companies could “self-certify” that they complied with a set of principles that would be, in theory, under the supervision of the Federal Trade Commission.
- Under Safe Harbour, the European Parliament asked for close monitoring of the arrangement. The Commission did not deliver. There is no reason for this to change under “Privacy Shield”.
- Under Safe Harbour, the European Commission could have suspended the arragement when it was recognised that it was not working but failed to do so.
Under Privacy Shield, the European Commission promises to suspend the arrangement, if it is recognised that it is not working. What’s new?
For more information, please see:
Need for substantive reform (18.11.2015)
Civil society demands post-Schrems (21.01.2016)
Article 29 Working Party demands
EU Ombudsman’s concerns (22.02.2016)