An Irish privacy advocacy group has filed a legal challenge against the US-EU Privacy Shield data transfer framework, on grounds of its allegeldy lax privacy protections.
The framework, which underpins billions of dollars in trade, pierces the tough shell of EU privacy laws by allowing US businesses to ship personal data between the two without falling foul of the latter's tougher data transfer privacy requirements.
Digital Rights Ireland, the lead plaintiff in a landmark 2014 European Court of Justice decision to strike out the EU Data Retention Directive, has now in a widely-expected moved challenged the adoption of the pact by the EU executive seeking the decision to be annulled.
A hearing could be a year away and may fail if the court finds Privacy Shield does not concern Digital Rights Ireland, sources close to the matter told Reuters.
Hamburg's data protection authority is also considering a legal challenge against the EU endorsement of Privacy Shield. Meanwhile an EU committee of national data protection authorities dubbed the Article 29 Working Party flagged concerns with the "mass and indiscriminate collection of personal data".
The US Department of Commerce is also understood to have be on alert for a possible legal challenge.
Many big technology companies have already signed on for the Privacy Shield. Google joined framework in September, behind Dropbox, and Oracle and Microsoft which eagerly penned signatures in late August, the same month member registration opened.
More continue to follow. The Register's searches of the Privacy Shield site reveal Cisco and its 15 entities including security consultancy Neohapsis signed up overnight as an active member shipping non-HR data.
The latter's membership follows its August bid to justify its support of Privacy Shield that laws and its ability to let customers choose where data physically resides is why the company "welcomes [the] new framework for transatlantic data flow".
Other major technology players signing onto Privacy Shield include