Privacy Shield dented? The EU Parliament’s Civil Liberties, Justice and Home Affairs Committee identifies deficiencies in US implementation of the Privacy Shield
The European Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE) visited Washington in the last week of July, not for a summer holiday, but to discuss the upcoming Privacy Shield review with the new US administration. Also on the agenda were counter-terrorism and immigration. For transatlantic data flows, the outcome of the meeting between the delegation of European Parliament and the Trump administration was far from satisfactory with the Civil Liberties Chair, Claude Moraes, voicing concerns over “deficiencies” that need to be addressed to ensure that the Privacy Shield complies with the EU Charter of Fundamental Rights and the General Data Protection Regulation ahead of its application throughout the EEA in May 2018.
While both LIBE and the US administration reiterated their continued commitment to make the Privacy Shield work, the meeting highlighted a number of issues to be resolved. In particular, LIBE identified several key positions that still need to be filled under the new US administration if the conditions of the adequacy decision are to be met. These, Claude Moraes says, would include “Some of the necessary functions of the Federal Trade Commission, the Privacy and Civil Liberties Oversight Board that is currently lacking four of its five commissioners and the ombudsperson, who is currently only in an acting capacity.”
The EU delegation also drew attention to open questions on the commercial aspects of the Privacy Shield as well as the ongoing review of Section 702 of the Foreign Intelligence Surveillance Act, Presidential Policy Directive 28 and law enforcement issues, which, according to LIBE, are essential components of the US commitments. Chairman Moraes also highlighted concerns around the state of surveillance reform in the US, an added deficiency that must be addressed immediately to ensure that the Privacy Shield stands the test of time and serves its purpose.
LIBE’s visit appears to have fulfilled its objective, which was “to obtain up-to-date information on the state of play in the US on major topics which fall within the remit of the LIBE Committee” such as the protection of personal data and the implementation of the EU-US Privacy Shield. Unfortunately, it transpires that, in Claude Moraes’ words, “Deficiencies still remain and must be urgently resolved to ensure that the Privacy Shield does not suffer from critical weaknesses”. The EU Data Protection Commissioners are due to issue their assessment of how the agreement is working by the end of the year. Sceptics might say that, in the light of the shortcomings identified by LIBE and the increasingly dysfunctional political landscape in the US, that assessment is unlikely to be entirely positive.