show image

Privacy Shield: why the US is still failing to comply with the data sharing deal

The EU has called out the US government for failing to appoint an ombudsman to oversee transatlantic data flows. The intervention marks the second time in two years that Europe has urged America to honour the commitment, which it made when it signed up to the Privacy Shield framework for EU-US data transfers in 2016.

In a statement timed to coincide with the EU’s second annual review of Privacy Shield, commissioner Andrus Ansip (pictured) urged the US to put forward a representative by the end of February. “We now expect our American partners to nominate the ombudsperson on a permanent basis, so we can make sure that our EU-U.S. relations in data protection are fully trustworthy,” Ansip said. The Commission has threatened to take action if the US administration failed to meet its deadline.

Privacy Shield was established in 2016 after the previous framework for sharing data between the EU and US, known as Safe Harbour, collapsed. The European Court of Justice had ruled the arrangement did not do enough to protect European users from US espionage.

The Commission’s latest plea came just days after the UK’s data protection watchdog warned that UK-EU data flows would be affected if Britain leaves the union without a deal next year. While the government’s proposed withdrawal agreement allows for the current data transfer regime to continue, Theresa May’s chances of securing parliamentary backing for the deal appear to be dwindling.

In the event that the UK leaves without an agreement, the government has said it will continue to allow data to flow from Britain to EEA countries – but transfers in the opposite direction “will be affected”, the ICO has stated. In a blogpost, the information commissioner Elizabeth Denham said that “organisations will need to carefully consider alternative transfer mechanisms to maintain data flows”. “The guidance we have produced will help you weigh the options and take action if this proves necessary.”

The ICO has published a series of documents, including a six step guide, aimed at informing businesses about the measures they should be taking ahead of 29 March – the date the UK is expected to leave the EU.