Category: Defense / Security
On 18 September 2017, Secretary of Commerce Wilbur Ross and European Commissioner Vĕra Jourova will open the first annual review of the Privacy Shield agreement.
This agreement provides a framework to ensure the protection of EU citizens’ personal data transferred for commercial purposes between the EU and the US. 2,400 companies from all sectors and sizes – including a large part of SMEs – are certified under the Privacy Shield. The review is not only important for certified companies but for all businesses relying on transatlantic data flows.
The flow of data between the EU and US – by far the highest in the world – is 50% higher than the data flows between the US and Asia in absolute terms, and 400% higher on a per capita basis. The US is also both the largest supplier of digitally-provided services to Europe and the largest non EU-consumer of EU digitally-provided services. The ability to transfer personal data is crucial for all businesses with activities on both sides of the Atlantic. Personal data transfers are essential to the competitiveness of many segments of industry, such as manufacturing or retail. The agreement has a significant economic impact and is a testament to a strong transatlantic relationship.
The adoption of the Privacy Shield agreement on 12 July 2016 restored much-needed legal certainty for the ability of businesses to transfer personal data after the Safe Harbour Agreement had been struck down by the EU Court of Justice. During the two-day review exercise, European Commission representatives will meet their US counterparts and aim to verify the correct implementation of the agreement.
The Privacy Shield has been under significant pressure in its first year of implementation with two ongoing court challenges. In the first months of the new US Administration, some concerns were also raised about possible changes to the legal foundations of the Privacy Shield. Other institutional actors have also been engaged in the debate. The European Parliament, in a resolution adopted in April this year, as well as the European Data Protection Authorities (DPAs) have been critical of the institutional setting of the agreement, questioning its robustness. The business community supports the agreement, with the view that it strikes the right balance between a high level of protection for personal data of EU citizens and enabling data flows. Leaders on both sides of the Atlantic reiterated the importance of this framework ahead of the first annual review.
Supporters of the Privacy Shield can be hopeful the review will bring continuity. The review does not aim to renegotiate the agreement. However, should the European Commission have concerns with its findings, it could ask for non-substantial changes. The Commission, while supporting the agreement and its economic importance, will also need to address the concerns issued by some parts of the European Parliament and DPAs.
By Maika Fohrenbach, Policy Adviser (MFO@amchameu.eu)