Brussels (AFP) – European data protection authorities said Tuesday they will give a new EU-US internet privacy deal a year’s grace period, minimising chances of new legal challenges during that time.
The deal was adopted in Brussels earlier this month after the EU’s top court last year struck down a previous arrangement, leaving internet giants such as Google and Facebook unsure whether they could transfer data back to their operations in the United States.
The 28 national EU data protection authorities meeting in Brussels on Monday found that the new Privacy Shield system has stronger safeguards on data transfer and better filters to prevent US intelligence agencies from conducting bulk collection of personal information.
“All of this is progress and real progress. Nevertheless we still have concerns remaining,” Isabelle Falque-Pierrotin, who chairs the so-called article 29 group, told reporters in Brussels.
The data protection authorities said in a statement they regretted the lack of concrete assurances against mass and indiscriminate collection of personal data.
They also want stricter guarantees for the independence of a US ombudsman to be named to tackle complaints from EU citizens.
“The glass is not sufficiently full but let’s give it a chance and accept the testing period until the first annual review,” Falque-Pierrotin said.
“At the joint review, we want to be provided with additional clarification, additional evidence, possibly changes in the legislation,” she said.
The annual review, which is required under the new deal, is set to take place in around a year, Falque-Pierrotin said.
She said the EU data protection authorities would not launch legal action “from our own initiative” in the next year. However, they would have to deal with complaints “on a case-by-case” basis if they receive them.
– ‘Self-certify’ –
EU and US officials say the Privacy Shield system lays down tough rules to prevent US intelligence agencies accessing European data, with companies facing penalties if they do not meet EU standards of protection.
The European Court of Justice threw out the earlier “Safe Harbour” arrangement after Austrian activist Max Schrems sued Facebook in Ireland, citing US snooping practices exposed by former US intelligence contractor Edward Snowden.
Companies wanting to transfer data from Europe to the United States must now “self-certify” as being compliant with the new deal with the US government from August 1, the EU said.
If they fail to do this, they can face fines and removal from the list.
Top US companies including Facebook, Google and Microsoft in particular have been eager to end the legal void so as to protect massive data transfers from their European subsidiaries to their headquarters in the United States.
COMMENTS
Please let us know if you're having issues with commenting.