In response to the announcement of the EU-U.S. Privacy Shield, the Article 29 Working Party issued its own statement, the key elements of which are as follows:
- The Working Party will not blindly accept the EU-US Privacy
Shield.
It welcomes the conclusion of the negotiations, but also is asking to see all documents pertaining to the new EU-US Privacy Shield by the end of February. The Article 29 Working Party will then evaluate whether the arrangement meets what it considers to be the four essential guarantees relating to the processing of data by intelligence agencies:
- the processing should be based on clear, precise and accessible rules;
- data should be collected and processed in a way that is necessary and proportional to the purposes pursued;
- there should be an independent oversight mechanism; and
- there should be effective remedies available to individuals.
This review by the Article 29 Working Party's review is expected to take several weeks. The very fact that this statement was issued suggests that there is much work to be done before a true solution to EU-US data transfer is arrived at.
In the meantime, alternative transfer tools such as Standard Contractual Clauses and Binding Corporate Rules can still be used. For companies that previously relied on the prior EU-US Safe Harbor and do not switch to alternative tools, it is still unclear how the EU's national Data Protection Authorities will deal with issues or complaints.
To view Foley Hoag's Security, Privacy and The Law Blog please click here
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
