Safe Harbour “Privacy Shield” Rejected by Regulators
19th Apr // 2016
The most recent version of an EU-US surveillance protection agreement has been rejected by data regulatory group the Article 29 Working Body, who say that the possibility of “mass and indiscriminate” data collection is not acceptable. Additionally there are concerns from the group on the suggestion that the US ombudsman should deal with European complaints.
Although the Working Group is not a law-setting body, their decisions are often used by law-makers as the basis of national rulings so this is a good indication that the law may not stand up if tested in high-level courts, as the previous agreement, Safe Harbour, was. The rejection of the agreement may mean a longer period of confusion for businesses that rely on data transfer between the UK and the US, as current legal position is unclear. Kathryn Wynn, data protection law expert at Pinsent Masons says, "The Working Party's opinion on the level of protection afforded by the EU-US Privacy Shield is of major importance to organisations with trans-Atlantic trade business operations that have been left dealing with an uncertain legal environment since the safe harbor regime was invalidated.”
In the absence of an enforceable data transfer scheme in place UK businesses should still self-assess their current data protection measures, but it is advised that this is only applicable as a compliance tool until the General Data Protection Regulation comes in to force.
Hopefully the situation can be sorted in the near future as this is a very real issue for businesses dealing with international data transfer. Kathryn Wynn comments, “The reality is that international transfers of data are vital to economic growth and there needs to be a pragmatic solution adopted by the courts, policy makers and data protection authorities to recognise this.”