Posted by Kevin on February 2, 2016.
Despite what you read in the press, Privacy Shield is no Safe Harbor replacement agreement between the EU and the US. What we have is an agreement between two sets of negotiators to agree talking in a generalized way in the hope of reaching an agreement that maybe could become binding. Neither of those parties have the authority to make a binding agreement. The reality is that we are as far away from a solution to this problem as we have ever been.
If the EC attempts to reach an agreement on its own it will likely be struck down by the ECJ for the very same reason that the court struck down the first version: the EC does not have the constitutional right to limit national laws (the data protection laws). It will require support from other bodies. It is looking to get that support from the national governments (who will likely agree), but it will probably also need the support of Parliament. That will be less easy and will take longer.
It will be even harder for the US to agree the deal being negotiated. Obama is on his way out and he will probably be replaced by a right wing Republican – who will be disinclined towards being bound by Europe. Even more concerning is whether the Europeans will accept US verbal commitments to prevent mass surveillance by the NSA when the US law allows it. No Republican will change those laws.
Nevertheless, US companies will be relieved by the news of the Privacy Shield agreement. They should not be complacent. The EC might (but as easily might not) be able to persuade the European data protection regulators to extend their January 31 deadline for enforcement action – but there is nothing to prevent concerned citizens (whether that is Schrems again, or some other person or body) from taking action personally.
Privacy Shield is a shield made of rice paper – no actual shield, just a good looking attempt to appear palatable.Submitted in: Expert Views, Kevin Townsend's opinions |