EU-U.S. data transfer pact passes first annual review
Send a link to a friend
 [October 18, 2017]
By Julia Fioretti
BRUSSELS (Reuters) - A year-old pact
underpinning billions of dollars of transatlantic data transfers won a
green light from the European Union on Wednesday after a first review to
ensure Washington protects Europeans' data stored on U.S. servers.
The EU-U.S. Privacy Shield was agreed last year after everyday
cross-border data transfers were plunged into limbo when the EU's top
court struck down a previous data transfer pact in 2015 because it
allowed U.S. spies excessive access to people's data.
The European Commission last month conducted its first annual review of
the framework as it seeks to ensure the United States lives up to its
promises to better protect Europeans' data when they are transferred
across the Atlantic - failing which it could suspend the Privacy Shield.
The EU executive said it was satisfied that the framework continues to
ensure adequate protection for Europeans' personal data although it
asked Washington to improve the way it works, including by strengthening
the privacy protections contained in a controversial portion of the U.S.
Foreign Intelligence Surveillance Act (FISA).
The conclusion will come as a relief to the more than 2,400 companies
signed up to the scheme, including Alphabet Inc's Google, Facebook and
Microsoft, especially since the Privacy Shield is already being
challenged in court by privacy activists.
The Commission said the U.S. Department of Commerce should be more
pro-active in monitoring companies' compliance with the privacy
obligations in the framework.
"Transatlantic data transfers are essential for our economy, but the
fundamental right to data protection must be ensured also when personal
data leaves the EU. Our first review shows that the Privacy Shield works
well, but there is some room for improving its implementation," EU
Justice Commissioner Vera Jourova said.
[to top of second column] |
An illustration picture shows a projection of binary code around the
shadow of a man holding a laptop computer in an office in Warsaw
June 24, 2013. REUTERS/Kacper Pempel
Companies wanting to transfer Europeans' personal data outside the bloc have to
comply with tough EU data protection rules which forbid them from transferring
personal data to countries deemed to have inadequate privacy protections unless
they have special legal contracts in place.
The Privacy Shield allows firms to move data across the Atlantic without relying
on such contracts, known as model clauses, which are more cumbersome and
expensive.
The Commission urged the United States to appoint a permanent Privacy Shield
Ombudsperson - a new office that was created to deal with complaints from EU
citizens about U.S. spying, but which is currently only filled on an "acting"
basis.
It also urged Washington to fill empty posts on the Privacy and Civil Liberties
Oversight Board.
In addition, the Commission said it would welcome privacy protections for
foreigners contained in a Presidential Policy Directive issued by former U.S.
President Barack Obama being enshrined in FISA.
Section 702 of FISA - that allows the U.S. National Security Agency (NSA) to
collect and analyze emails and other digital communications of foreigners living
overseas - will expire at the end of the year unless it is re-authorized by the
U.S. Congress.
(Reporting by Julia Fioretti; Editing by Adrian Croft)
[© 2017 Thomson Reuters. All rights
reserved.] Copyright 2017 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
