The European Commission has warned that the US must comply with the data protection rules agreed in 2016, or risk disruption to businesses that rely on European user data.
Earlier this month, the Members of European Parliament voted to suspend the agreement known as the EU-US Privacy Shield, unless the US is “fully compliant” by September 1, 2018.
Now, EU commissioner for justice Vera Jourova has written to US commerce secretary Wilbur Ross to request appointment of a senior staff member to oversee compliance, and ensure American businesses adhere to EU standards when handling personal data of EU citizens, reported the Financial Times.
It was good while it lasted
The Privacy Shield was designed as a replacement for the Safe Harbor, a framework that introduced privacy safeguards for data exchange between the EU and the US back in 2000.
This framework was invalidated in 2015 after Austrian student Max Shrems proved in court that Facebook provided European citizen data to the National Security Agency (NSA). The case was based on documents supplied by Edward Snowden, and is perhaps the most notable example of the legal changes brought about by these revelations.
The Privacy Shield was developed by the European Commission and the US Department of Commerce as a mechanism through which the US companies could adhere to strict European personal data protection rules without submitting to the authority of EU’s information commissioners.
To date, more than 3,400 US and EU companies have registered with the updated framework.
However, the Privacy Shield has been a target of criticism since day one, since it assumes compliance by default as long as the company has registered with the US Department of Commerce, and doesn’t have a robust enforcement mechanism.
“Progress has been made to improve on the Safe Harbor agreement but this is insufficient to ensure the legal certainty required for the transfer of personal data. The law is clear and, as set out in the GDPR, if the agreement is not adequate, and if the US authorities fail to comply with its terms, then it must be suspended until they do,” British MEP Claude Moraes, chair of the EU Parliament’s Civil Liberties Committee, said on July 5.
The warning comes at a period of increasing tensions between the US and its European allies, with the Trump administration criticizing countries like Germany and France, and failing to appoint dedicated staff to address data privacy complaints from EU citizens.
“Now that the new state secretary is in office and we are almost two years into the term of this administration, the European stakeholders find little reason for the delay in the nomination of a political appointee for this position,” Jourova wrote, as reported by the FT.
Meanwhile Schrems, the student who was responsible the demise of the Safe Harbor agreement and has now graduated to become a lawyer, is currently challenging Privacy Shield in the European Court of Justice, so there’s no telling if the framework will survive in its current state, even if the US government decides to meet the demands made by the EU.