EU-US data protection
New 'Privacy Shield' data transfer framework a cosmetic change
The European Commission today formally presented a new legal framework for the transfer of the private data of EU citizens to the US. The new 'Privacy Shield' framework is supposed to replace the Safe Harbour decision, which was deemed illegal by the European Court of Justice. Commenting on the Commission's proposal, Green home affairs and data protection spokesperson Jan Philipp Albrecht stated:
"The new 'Privacy Shield' framework appears to amount to little more than a remarketed version of the pre-existing Safe Harbour decision, offering little more than cosmetic changes. It seems highly questionable that this new framework addresses the concerns outlined by the European Court of Justice in ruling the Safe Harbour decision illegal. The provisions on judicial redress are particularly vague. In order to guarantee an equivalent level of data protection there would need to be legislative changes in the US but this is not anticipated. As such, this framework cannot be the final say. The European Commission must push for improvements to ensure the privacy rights of EU citizens are upheld.
"In the US, there is no data protection equivalent to that under EU law primarily because the US has no general data protection rules for consumers. The Commission should insist that this is finally introduced. This is also relevant for the EU's revised data protection rules, which will come into force in 2018. Against this background, it is essential that 'Privacy Shield' is limited to two years and that a new framework is negotiated once the new EU rules on data protection come into force."