Privacy Shield is the proposed new deal between the EU and the US that is supposed to safeguard all personal data on EU citizens held on computer systems in the US from being subject to mass surveillance by the US National Security Agency (NSA).
The data includes personal data on social media sites, as well as any transaction made between an EU citizen and any company in the US. Human rights groups say any such data must be fully protected from mass surveillance by US authorities.
The Privacy Shield agreement has been negotiated between the European Commission and the US and is set to be ratified by the end of June, if the Commission gets its way. However, lawmakers in the European Parliament want to pass a resolution expressing disapproval of the deal and are scrambling to garner enough support for a vote — which will not be binding on the agreement.
Civil society groups say: #PrivacyShield is not enough — renegotiation is needed #safeharbor https://t.co/XnQH8LBUTt pic.twitter.com/DPV1xMkgwJ
— EDRi (@edri) March 16, 2016
The agreement has been under negotiation for months ever since the European Court of Justice ruled in October 2015 that the previous EU-US data agreement — Safe Harbor — was invalid. The issue arises from the strict EU laws — enshrined in the Charter of Fundamental Rights of the European Union — to the privacy of their personal data.
#UmbrellaAgreement will help EU and US justice and police authorities fight crime+ terrorism w/ high #DataProtection standards for citizens
— Věra Jourová (@VeraJourova) April 29, 2016
The Safe Harbor agreement was a quasi-judicial understanding that the US undertook to agree that it would ensure that EU citizens' data on US servers would be held and protected under the same restrictions as it would be under EU law and directives. The data covers a huge array of information — from Internet and communications usage, to sales transactions, import and exports.
Facebook Judgement
The case arose when Maximillian Schrems, a Facebook user, lodged a complaint with the Irish Data Protection Commissioner, arguing that — in the light of the revelations by ex-CIA contractor Edward Snowden of mass surveillance by the US National Security Agency (NSA) — the transfer of data from Facebook's Irish subsidiary onto the company's servers in the US do not provide sufficient protection of his personal data.
Privacy Shield promises that" for the first time, the US government has given the EU written assurance from the Office of the Director of National Intelligence that any access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms, preventing generalized access to personal data […] through an Ombudsperson mechanism within the Department of State, who will be independent from national security services."
However, human rights groups and many lawmakers say the provisions are so weak as to render the whole agreement ineffective in protecting the personal data of EU citizens.