Privacy Shield on Shaky Ground: What's Up with EU-U.S. Data Privacy Regulations:
There's a lot going on in the privacy and data protection world. But one of the most pressing issues is the uncertain fate of Privacy Shield, the framework governing the flow of data between the EU and the U.S. for commercial purposes.
The Trump Administration has been given an ultimatum: comply with Privacy Shield, or risk a complete suspension of the EU-U.S. data sharing agreement. In a letter dated July 26, EU commissioner for justice Věra Jourová wagered to U.S. commerce secretary Wilbur Ross that suspension of the EU-U.S. Privacy Shield system would incentivize the U.S. to comply fully with the terms of the agreement. But Jourová's urging that Ross "be smart and act" in appointing senior personnel to oversee the data sharing deal is hardly new. The July letter closely echoes a European Parliament (EP) resolution passed just three weeks earlier, and the European Commission (EC) voiced similar sentiments in its review of the Privacy Shield Framework last September. Further adding to the chorus of voices raising concerns about Privacy Shield compliance are tech and business groups, which jointly called for the nomination of a Privacy Shield ombudsperson in an Aug. 20 letter.
In addition to admonishing the EC's failure to hold the U.S. accountable thus far, the EP resolution calls for a suspension of Privacy Shield if the U.S. has not fully complied by Sept. 1-though no such suspension has yet been announced. It also expresses serious concerns regarding the U.S.'s recent adoption of the Clarifying Lawful Overseas Use of Data (Cloud) Act and the legislation's potential conflict with EU data protection laws. With the General Data Protection Regulation (GDPR)-the EU's new regulatory regime for the protection of individual data-having come into effect on May 25, 2018, the EP considers the EC in contravention of GDPR Article 45(5). This article requires the EC to repeal, amend, or suspend an adequacy decision to the extent necessary once a third country no longer ensures an adequate level of data protection- until the U.S. authorities comply with its terms.
So what led to this ultimatum, and what's next on the global data protection stage?
(Via Lawfare - Hard National Security Choices)
The article gives a level set on Privacy Shield and then dives into specific areas. I highly recommend giving this a good read.
Also on: