EU privacy watchdog rejects US data agreement

EU privacy watchdog rejects US data agreement
© Getty Images

Europe’s data privacy watchdog on Monday said that a pending deal between the United States and the European Union needs “robust improvements."

“I appreciate the efforts made to develop a solution to replace Safe Harbor but the Privacy Shield as it stands is not robust enough to withstand future legal scrutiny before the [European high court],” European Data Protection supervisor Giovanni Buttarelli said in a statement.


The EU high court last fall overturned the old Safe Harbor agreement — negotiated in 2000 — on the basis that the U.S. could not meet the EU's privacy standards, in part because of the intelligence practices revealed by former National Security Agency contractor Edward Snowden.

The same concerns continue to dog approval of the new agreement. Critics have long warned that unless the U.S. overhauls its privacy and national security laws, no legal framework could stand up in European courts.

“It’s time to develop a longer term solution in the transatlantic dialogue,” Buttarelli said Monday.

The statement comes as pressure is growing for Europe to renegotiate the terms of the deal, agreed to by the European Commission and the U.S. in February. It is intended to allow U.S. firms to continue to legally handle European citizens’ data outside of the EU, but critics are concerned that it doesn’t go far enough to protect privacy.

EU lawmakers last week urged the European Commission to renegotiate “deficiencies” in the agreement, passing a nonbinding resolution 501-119 on Thursday.

Buttarelli echoed that call.

“Significant improvements are needed should the European Commission wish to adopt an adequacy decision,” the watchdog said.

The Commerce Department has indicated that it would be reluctant to renegotiate the deal with the Commission, although the stakes are enormous should a new legal mechanism not be established. Businesses fear a chilling of transatlantic trade, valued at $1 trillion in 2014.

In announcing the Privacy Shield earlier this year, European Commission officials insisted that the U.S. had provided “detailed written assurances” that surveillance of Europeans’ data by intelligence agencies would be subject to appropriate limitations.

But Buttarelli indicated that the limitations, although explicit, were still too broad.

Whereas under the original Safe Harbor agreement access to data for national security was considered an exception, “the attention devoted in the Privacy Shield draft decision to access, filtering and analysis by law enforcement and intelligence ... indicates that the exception may have become the rule,” the opinion reads.

“While we welcome the transparency of the U.S. authorities on this new reality, the current draft decision may legitimise this routine,” Buttarelli writes.