ransatlantic transfers of digital data are once again safe to continue, thanks to a new deal between the EU and US called EU-US Privacy Shield. This will replace the old Safe Harbour principles overturned by the European Court of Justice.
At least, that’s what you’d think, given the immediate response of technology company lobbies and professional organisations, the American Chamber of Commerce, even our own Government.
But – ahem – there’s still no “deal”, as European Green MEP and privacy advocate Jan Philipp Albrecht was quick to note on Twitter.
You had to be listening pretty carefully to the briefing, which danced adeptly around this key point. But Privacy Shield is still just a proposed framework for guaranteeing that European data is given the same protections when transferred to the US, as they would be given in the EU.
It’s not a done deal. It hasn’t even been formally drafted yet. As it stands, it is a set of verbal agreements and some “written assurances” that the US will not subject EU data to mass surveillance, and offers some redress for EU citizens who bring complaints, à la Max Schrems (his case, regarding the Irish Data Protection Commissioner’s handling of his complaint about his Facebook data, prompted the ECJ decision).