The data exchange between the EU and the US may still not be legally secure, even after agreeing on the EU US Privacy Shield. The EU will decide next week whether the agreement adequately takes into account the privacy rights of EU citizens.
An executive order by President Trump in January 2017 initially caused concern that the data of EU citizens could be excluded from US privacy regulations. EU Justice Commissioner Vera Jourova is critical of the order and has already signalled to the US that the agreement may be suspended if the requirements are not met by the Americans.
Last week, a resolution was issued by the European Parliament’s Judiciary Committee, in which the European politicians reiterated that the potential mass monitoring of European data, implied by the US, did not correspond to the agreements.
As a follow-up to the Safe Harbor regulations, which were suspended in 2015, the EU and US have decided on the new EU-US Privacy Shield agreement in 2016. This refers to, among other things, the transfer of personal data to the US, for example regarding user data for online services, search engines or social networks. Controls and checks on how companies deal with the data transfer are not obligatory per agreement, as the companies themselves simply have to commit to the rules in order to benefit from the simplified data traffic to the US.
The committee not only criticised the self-monitoring by US companies, but also the alleged mass surveillance of data by US authorities. The Committee also expressed doubts about the independence of the ombudsmen and arbitrators in the US. A further vote on the Privacy Shield Agreement will take place next week in the EU Parliament.
As early as the beginning of 2016, critics of the Privacy Shield had concluded that the Safe Harbor-replacement did not provide legal certainty over the protection of EU user rights.