kentoh - Fotolia

EU-US Privacy Shield wins EU backing to proceed

The US data-transfer agreement wins the backing of the European Union, paving the way for it to come into force

The EU-US Privacy Shield has taken a step closer to coming into force, with the contents of the data-transfer agreement winning the backing of the European Union (EU).

Government representatives from all 28 EU members were asked to vote on whether or not the US data-transfer agreement should be approved in its present state.

In a joint statement, European commissioner Věra Jourová and Andrus Ansip, EC vice-president in charge of the Digital Single Market, confirmed the outcome of the vote.

“This paves the way for the formal adoption of the legal texts and for getting the EU-US Privacy Shield up and running,” the statement reads.

“For the first time, the US has given the EU written assurance that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms and has ruled out indiscriminate mass surveillance of European citizens’ data.”

Previous drafts of the agreement had prompted concerns to be raised about the inner workings of the arrangement by European data protection and privacy experts.

DigitalEurope, a technology industry body, welcomed the final version of the agreement because it offers “greater clarity” on how a number of issues – including the proposed introduction of an ombudsmen to oversee the operations of the agreement – would work.

“We are pleased that the Privacy Shield mechanism has received broad support from member states,” said John Higgins, director general of DigitalEurope.

“While negotiations have not been easy, we congratulate the European Commission and the US Department of Commerce on the hard work over the past months, which was aimed at restoring trust in data transfers between the EU and US.”

Read more about EU-US Privacy Shield

The EU-US Privacy shield is being ushered in as a replacement for the defunct Safe Harbour agreement, after it was ruled invalid by the European Court of Justice in October 2015.

This was on the back of a legal challenge by Austrian Max Schrems, who questioned the ability of Safe Harbour to protect the data of European citizens from the mass surveillance activities of the US government.

Up until that point, Safe Harbour had been used by more than 3,000 companies – including technology firms such as Facebook, Google and Microsoft – to transfer the data of European citizens to the US for processing.

While the contents of the EU-US Privacy Shield was being hammered out, companies were advised to make use of alternative data-transfer mechanisms, including standard contractual clauses.

DigitalEurope’s members, which includes Amazon, Google and Microsoft, are ready to implement the EU-US Privacy Shield and stop using alternative data transfer mechanisms.

“We hope that the Privacy Shield will ease some of the recent pressure on alternative transfer mechanisms, particularly standard contractual clauses, so that Europe can get back to focusing on how international data flows can play a part in contributing to economic growth,” said Higgins.

Read more on Privacy and data protection