Skip to content Skip to sidebar Skip to footer
Menu
Menu
Data Protection & Cybersecurity

WP29 raises concerns on EU-US Privacy Shield

February 8, 2016
3 minRead time
invalidation standard contractual clauses
Share This Article
Share Post

The Article 29 Working Party expressed its position on the Privacy Shield and on the scenario applicable to current data transfers to the United States.

I had already covered in a previous blog post, the breaking news about the positive conclusion of the negotiations between the European Commission and the United States on the scheme for the transfer of personal data between the European Union and the US, the Privacy Shield or Safe Harbor 2.0.

What is the position of the WP29 on the Privacy Shield

The Article 29 Working Party, whose members are the data protection authorities of all the EU Member States, issued aย press release where it welcomed the Privacy Shield. But it also held that

stands ready to analyse the result of the negotiations in the light of theย European essential guarantees [โ€ฆ] It will especially have to consider if its concernsย regarding the U.S. legal framework can be alleviated following the introduction of the EU-U.S.ย Privacy Shield.

In particular, the WP29 considered 4 essential guarantees to be met by new scheme in order to be compliant with EU principles following the decision of the European Court of Justice that invalidated the Safe Harbor

  1. Processing should be based on clear, precise and accessible rules;
  2. Necessity and proportionality with regard to the legitimate objectives pursued need to be
    demonstrated;
  3. An independent oversight mechanism should exist, that is both effective and impartial;
  4. Effective remedies need to be available to the individual: anyone should have the right to
    defend her/his rights before an independent body.

Based on the above it seems that the WP29 has not yet validated the Privacy Shield and the final outcome of the negotiations is still pending.

What happens to the current data transfers?

Pending the finalization of the approval of the Privacy Shield, the Article 29 Working Party confirmed that the Safe Harbor cannot be used as legal basis for data transfers to the United States. But what really matters is that

  • After the review of the documentation relating to the Privacy Shield, the WP29 will assess whetherย transfer mechanisms, such as Standard Contractual Clauses and Binding Corporate Rules, canย still be used for personal data transfers to the U.S., while
  • In the meantime, the WP29 considers thatย this is still the case for existing transfer mechanisms.

Therefore companies relying of the Standard Contractual Clauses or the Binding Corporate Rules for data transfers to the United States โ€œshouldโ€ be safe.

@GiulioCoraggio

(Visited 2 times, 1 visits today)
Tags:
0LikesShare Post