Privacy Shield is the proposed new deal between the EU and the US that is supposed to safeguard all personal data on EU citizens held on computer systems in the US from being subject to mass surveillance by the US National Security Agency.
"Privacy Shield represents a step backwards for the scope and definition to the right of privacy," said Marc Rotenberg, president and Executive Director of the US-based Electronic Privacy Information Center.
It will take a lot of work to fix #PrivacyShield. For now, @EuroParliament should require end of 702. @EPICprivacy https://t.co/lxdA0nwPjr
— Marc Rotenberg (@MarcRotenberg) March 17, 2016
The agreement has been under negotiation for months ever since the European Court of Justice ruled in October 2015 that the previous EU-US data agreement — Safe Harbor — was invalid. The issue arises from the strict EU laws — enshrined in the Charter of Fundamental Rights of the European Union — that give citizens the right to the privacy of their personal data.
EPIC urges #FCC to broaden scope, substance of draft #privacy rules. https://t.co/57UIIEeU7H
— EPIC (@EPICprivacy) 21 March 2016
The Safe Harbor agreement was a quasi-judicial understanding under which the US undertook to ensure that EU citizens' data on US servers would be held and protected under the same restrictions as it would be under EU law and directives. The data covers a huge array of information — from Internet and communications usage to sales transactions, imports and exports.
The case arose when Maximilian Schrems, a Facebook user, lodged a complaint with the Irish Data Protection Commissioner, arguing that — in the light of the revelations by ex-CIA contractor Edward Snowden of mass surveillance by the US National Security Agency (NSA) — the transfer of data from Facebook's Irish subsidiary onto the company's servers in the US does not provide sufficient protection of his personal data.
.@EP_Justice debates whether #PrivacyShield would protect Europeans' privacy https://t.co/PwfUHttV8y @MaxSchrems https://t.co/jSbEHbK9oV
— European Parliament (@Europarl_EN) 18 March 2016
The court ruled that: "the Safe Harbor Decision denies the national supervisory authorities their powers where a person calls into question whether the decision is compatible with the protection of the privacy and of the fundamental rights and freedoms of individuals."
Cumbersome Redress
Speaking before the European Parliament on Privacy Shield, Rotenberg outlined several flaws in the proposed EU-US data transfer agreement, including a weak privacy framework, lack of enforcement, and a cumbersome redress mechanism.
In the short term, Rotenberg recommended that the EU condition acceptance of the Privacy Shield on the end of the '702 program', which permits bulk surveillance on Europeans by the US. EPIC, along with other NGOs, has urged the European Commission to rewrite the Privacy Shield, saying it fails to safeguard human rights and does not reflect changes in US law as required by the Schrems decision.