Lawmakers and experts have voiced doubts about the value of new rules proposed by the European Commission to protect the privacy of EU citizens' data transferred to the United States.
Speaking at a public hearing in the European Parliament on the EU-US Privacy Shield, centre-left Dutch MEP Sophia In 't Veld questioned the legal status of the written assurances of US authorities that are supposed to offer Europeans better protection from government snooping than the previous "Safe Harbour" agreement.
“What will they be worth if they are signed by President Trump?” she added.
The MEP also took to Twitter to say that the European Commission was "taking a big risk" in pushing the agreement "if it is not absolutely legally watertight."
Isabelle Falque-Pierrotin, head of the French privacy regulator CNIL, said that regulators could only assess the legality of the deal under the current, relevant EU laws, which date back to 1995, but new, tougher rules are expected to be adopted in just a few months' time. Falque-Pierrotin, also expressed concerns about the availability of redress mechanisms proposed in the deal.
"Privacy Shield doesn't change anything," said Max Schrems, the Austrian privacy activist whose legal action against Facebook at the European Court of Justice destroyed the Safe Harbour agreement. "There is an ombudsman that you can address but she will only tell you whether everything is fine or not but won't tell you anything about your case, or even if you were subject to surveillance."
In an interview on the European Parliament's web channel, Schrems said that company lawyers could easily override the new protections with "two lines in a privacy policy."
"The court has requested essentially equivalent protection from the Privacy Shield but it doesn't give it," he said.
Some MEPs, however, argued that the new arrangement was better than the previous one. Centre-right German MEP Axel Voss said: "Privacy Shield is not Safe Harbour because it guarantees effective protection of EU individuals' privacy rights." The new deal would meet the concerns of the European Court of Justice because it contains clear limits on US government access to data, he said.
The Privacy Shield has been agreed between EU and US negotiators but the EU's Member States and their national data protection authorities still need to be consulted on the rules required to implement the deal.
Data protection is a fundamental right under the EU Charter of Fundamental Rights and the Lisbon Treaty gives the European Parliament a strengthened role in international agreements.
The Parliament has used these powers on a number of occasions to force changes to legislation, such as in 2010 when it rejected the provisional application of the Terrorist Finance Tracking Programme (TFTP) agreement.
The European Parliament's civil liberties committee has issued a press release about the hearing here.
The authors:
Jennifer Sharman Koh is a solicitor of England & Wales who has practiced international arbitration in London, Paris and Brussels, advising multinationals and governments on major international disputes. She has extensive document review experience both in the development of managed review protocols and in the practical setting-up of reviews across Europe. At LexSensis, she built-up a large network of lawyers to work on document reviews across Europe, whatever the country, whatever the language. Jennifer is responsible for operational and strategic aspects of LexSensis and is the key client contact in the Benelux.
Io-Anna Lianos is a dual-qualified solicitor admitted in England and Wales and at the Athens Bar Association, Greece. She is an expert consultant in complex eDiscovery and Managed Review processes with years of experience managing large-scale document review projects across Europe and Asia. In 2009, Io-Anna founded DLR Legal, one of the pioneers of document review consulting in London, specializing in multilingual reviews across Europe. She built up a large Europe-wide network of document review specialists, covering 28 jurisdictions and a multitude of languages. Over the course of her career to date, Io-Anna has advised clients on all aspects of managed review processes, including on best practices for solving complex managed review and legal staffing needs. She is the Director of LexSensis, responsible for all operational and strategic aspects.