First EU-US Privacy Shield annual review to take place in September

Framework continues to draw criticism from campaigners

The inaugural annual review into the operation of the EU-US Privacy Shield is to take place in September this year.

EU justice commissioner Věra Jourová confirmed the timing of the review in a speech in Washington late last week.

"[The review] will be an important milestone where we need to check that everything is in place and working well," Jourová said. "If we want to further consolidate this new transatlantic bridge, we need the active engagement and contribution of all interested parties to the review."

The Privacy Shield facilitates the transfer of personal data between the EU and US businesses signed-up to the scheme. The framework was put in place last year to replace a previous system which was effectively invalidated by the EU's highest court in 2015.

The European Commission has deemed that data transfers handled in accordance with the Privacy Shield principles will adhere to EU data protection law requirements. The Commission negotiated amendments with US counterparts to an earlier draft of the framework following criticisms raised by EU data protection authorities. However, the framework has continued to draw criticism from privacy campaigners and is the subject of two separate legal challenges.

A recent motion put forward by MEPs cited concerns with the Privacy Shield, including how the scheme addresses US bulk surveillance powers and accounts for judicial redress for EU citizens in the US. It also highlighted concerns about limitations on the rights of data subjects and inconsistencies in wording compared with EU data protection law.

The motion also referred to the forthcoming annual review of the framework, which will be conducted jointly by EU and US officials. It said the review should consist of "a thorough and in-depth examination of all the shortcomings and weaknesses" it and others, such as EU data protection authorities, have identified with the Privacy Shield, and that reviewers should "demonstrate" how those issues have been addressed to ensure the framework is compliant with fundamental EU rights and laws.

In addition, the motion called for all members of the review team to have "full and unrestricted access to all documents and premises necessary for the performance of their tasks, including elements allowing a proper evaluation of the necessity and proportionality of the collection and access to data transferred by public authorities, for either law enforcement or national security purposes". The reviewers should also each be given the freedom to "express their own dissenting opinions in the final report."

Copyright © 2016, is part of international law firm Pinsent Masons.

Other stories you might like

Biting the hand that feeds IT © 1998–2021