Privacy Shield under pressure as lawyers back MEPs' call for suspension

Civil liberties group visits Washington for four-day data and privacy talks

The US is under increasing pressure over Privacy Shield as an EU lawyers' association backed MEPs’ calls for a suspension of the deal.

Privacy Shield – which governs trans-Atlantic data flows, making it essential for the day-to-day workings of large numbers of companies – was hurriedly drawn up in summer 2016 after its predecessor, Safe Harbor, collapsed.

At the time the deal was signed, there were a number of misgivings from data protection watchdogs and observers – but the implication was that they would be ironed out once it was in place. That they still haven't is a source of increasing frustration for MEPs, privacy watchdogs and activists.

Now, the Council of Bars and Law Societies of Europe (CCBE) – which represents 32 member countries and 13 associate and observer countries – has repeated its concerns over the deal's suitability and called for an immediate suspension.

"The CCBE calls on the Commission to suspend the Privacy Shield and to offer its reimplementation on the condition that the necessary guarantees and safeguards, which are currently lacking, have been implemented," it said.

The intervention comes as a group of MEPs, who called for a ban on the deal if the issues aren't addressed by September, travels to Washington to discuss data privacy.

Relations between the US and the European Union are already strained over issues such as NATO and Russia, and the prospect of another data transfer deal collapsing heaps pressure on both sides as businesses are reliant on being able to send data across the Pond.

Max Schrems

Schrems' Facebook case edges closer to ruling over EU-US data flows


This is partly because other methods, such as the Standard Contractual Clauses that firms fell back on in the aftermath of the Safe Harbor ruling, are also under pressure as they await a ruling from the Court of Justice of the European Union in Max Schrems' long-running case against Facebook.

Time to take action

When Privacy Shield was agreed, one of the terms was an annual review. The first such report said there was still much to do, including work to meet specific requirements for oversight, as well as broader questions on the Trump administration’s attitudes to privacy and security.

In spite of this, the European Commission said Privacy Shield offered an "adequate" level of protection for personal data transferred from the EU to the US – a position that disappointed many observers and drew criticism from EU watchdogs.

With the problems looking no closer to being fixed, the European Parliament voted in favour of a resolution this month calling for the deal to be suspended if it isn't up to scratch by 1 September – a resolution the CCBE today backed.

The CCBE pointed to a number of specific problems it sees with the new deal and with the annual review, saying that "none of these crucial issues are sufficiently addressed in the report". In a document issued alongside the statement, the CCBE listed its concerns over a lack of legal remedies, binding control and oversight.

For instance, it said that the Privacy and Civil Liberties Oversight Board "does not have any effective powers and is thus a toothless tiger that cannot protect European citizens from arbitrary interferences".

The group argued that this external board isn't a judicial body, while the internal oversight body isn’t properly independent from the executive – which means the basics of the deal are deficient.

The CCBE also took issue with the "limited competence" of the ombudsman, saying that this post can only request further action by a US government body or request information.

"It cannot order the authorities to cease and discontinue unlawful surveillance, or order the permanent destruction of information obtained through direct and indirect surveillance," the CCBE said.

In addition, the group questioned whether people who have been subject to unlawful surveillance would able to launch a challenge against it, saying that the "legal situation is everything but clear and it remains an open question whether effective legal remedies exist".

Moreover, it warned these targets might not even be told of any surveillance measures used against them – something that is required under EU law once the measures have been ended, which would allow them to sue for damages.

The CCBE's intervention comes as MEPs on the EU's civil liberties and justice committee (LIBE) begin a four-day trip to Washington to discuss Privacy Shield, along with other data protection issues, with the US government.

The group of nine will meet representatives from the US Departments of State, Justice, Homeland Security and Commerce, as well as the Federal Trade Commission, politicians from the US Congress and Senate, along with industry and NGOs.

Other issues on the table are the Facebook data harvesting scandal, counter-terrorism and cyber security. ®

Similar topics

Broader topics

Narrower topics

Other stories you might like

  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • SEC probes Musk for not properly disclosing Twitter stake
    Meanwhile, social network's board rejects resignation of one its directors

    America's financial watchdog is investigating whether Elon Musk adequately disclosed his purchase of Twitter shares last month, just as his bid to take over the social media company hangs in the balance. 

    A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear" to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days from the date of acquisition," and asked him to provide more information. Musk's shares made him one of Twitter's largest shareholders. The letter is dated April 4, and was shared this week by the regulator.

    Musk quickly moved to try and buy the whole company outright in a deal initially worth over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged another $7.14 billion from investors to help finance the $21 billion he promised to put forward for the deal. The remaining $25.5 billion bill was secured via debt financing by Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going smoothly.

    Continue reading

Biting the hand that feeds IT © 1998–2022