The EU and US have reached a deal on data sharing, whereby a US director of national intelligence will sign a pledge that the US government will avoid “indiscriminate mass surveillance” of EU citizens when their data is sent from Europe to the US, referred to as the 'Privacy shield'. This agreement replaces former data-sharing arrangement – 'safe harbour' - used by thousands of companies to transfer highly sensitive personal data.
Commenting on the 'Privacy Shield', Mishcon de Reya Partner and Data Protection expert Adam Rose said: "Whilst the President of the European Council is seemingly promising the UK a sort of veto over EU laws generally, each of the 28 member states' data protection authorities are nonetheless being asked if they will veto proposals agreed between the EU's justice committee and the US Department of Commerce allowing personal data collected in the EU to be held by organisations in the US.
The big question here is whether any country's data protection authority will attack the new proposed scheme.
Most commentators have noted that the Privacy Shield doesn’t actually appear to address the fundamental issues that caused the death of the Safe Harbour programme, namely, that US authorities were able to 'snoop' on data with little, if any, control.
The proposed Privacy Shield relies on a US assurance that there will be limitations, safeguards and oversight of any future such access for law enforcement and national security bodies, although given the past record, that might not satisfy everyone.
However, the fact remains that unless something is put in place, businesses around Europe will find that the way they do business will be affected.
In a data-driven world, balancing the rights of citizens and consumers opposite the needs of businesses is not easy – the Privacy Shield programme is almost certainly not the perfect answer, but will any data authority be willing to put its head above the parapet?"