Privacy Shield Agreement

The Privacy Shield Framework, approved by the European Union (EU) and the US government, is a recognised mechanism for meeting EU data protection requirements when transferring personal data from the European Economic Area (EEA) to the US. Using the 7 principles of the data protection shield (hereafter referred to), organisations participating in the framework are considered « appropriate » to data protection for data privacy, as provided for by the European Data Protection Directive and the General Data Protection Regulation (GDPR). The EU-US data protection shield allows companies to sign higher data protection standards before transferring data to the US. On January 25, 2017, U.S. President Donald Trump signed an executive order entitled « Enhancing Public Safety » that states that privacy in the United States is not extended beyond U.S. citizens or residents: the Privacy Shield has been legally challenged by data protection groups. [18] [19] At first, it was not clear whether the cases would be deemed admissible. [20] [21] However, until February 2017, the future of the data protection shield was in dispute. One consultant, Matt Allison, predicted that « the EU model, regulated by citizens, will quickly come into conflict with market forces in the US and the United Kingdom. » [22] Allison has summarized a new document in which the European Commission sets out its plans for adequacy decision and overall strategy. [23] EPIC President Marc Rotenberg made a statement to the European Parliament`s LIBE Committee to highlight several shortcomings in the proposed EU-US agreement, including the weak data protection framework, lack of enforcement and cumbersome redress mechanism. In the short term, Rotenberg recommended that the EU condition be followed by the acceptance of the data protection shield at the end of the « 702 programme », which allows mass surveillance of Europeans by the United States. Along with other NGOs, EPIC has asked the European Commission to rewrite the data protection shield by stating that it does not protect human rights and does not reflect changes in US law, as required by the Schrems decision.

EPIC and a coalition of NGOs have called on the European Union, and in particular The Article 29 Group on Data Protection, to oppose the data protection shield proposal, as the political agreement does not provide sufficient data protection and does not respect the judgment of the European Court of Justice in the Schrems case. Agencies ensure, in accordance with applicable law, that their data protection policies exclude persons who are not U.S. citizens or legitimate permanent residents from privacy with respect to personal data. [11] In October 2015, the European Court of Justice struck down the current framework, the International Safe Harbor Privacy Principles, in a case later known as « Schrems I ». » [3] Shortly after this decision, the European Commission and the United States

Les commentaires sont clos.