Some of the world’s biggest rights groups have urged European policy makers to send the recently negotiated Privacy Shield agreement between the EU and US back to the drawing board.
The call came in the form of an open letter to the chairman of the European Commission’s Article 29 Working Party; the chair of the Committee on Civil Liberties, Justice, and Home Affairs; justice commissioner Vera Jourová; and the ambassador and permanent representative of the Netherlands to the EU.
Unless there are substantive reforms to the agreement – which superseded the long-running Safe Harbor deal on data sharing between the two regions – then it will put users at risk, undermine the digital economy and perpetuate human rights violations occurring as a result of surveillance programs, it argued.
The letter continues:
“The Article 29 Working Party thoughtfully outlined four key conditions for an agreement to meet the standards of European legislation and guarantee the protection of human rights in intelligence activity, including clarity of law, use of human rights standards, incorporation of independent oversight, and availability of effective remedy. Unfortunately, the Privacy Shield manifestly fails to provide for these objectives.”
The rights groups’ main beef appears to be that the “same inadequacies in US law” mean EU citizens still don’t know what will happen to their data if it’s transferred to a datacenter across the Atlantic.
The US “continues to deny the relevance and application of the internationally-accepted standards of necessity and proportionality in its surveillance operations,” and the oversight mechanism established by the new deal is neither independent nor has enough power to investigate complaints properly, they argued.
What’s more, individuals aren’t even informed when their personal info is “collected, disseminated, or used” under the terms of the deal, so it would be difficult for them to seek any remedy.
The group argued that the Privacy Shield should be contingent on the US reforming its surveillance laws within a “reasonable time” to limit the scope of collection of “foreign intelligence information” and end indiscriminate surveillance.
Also needed are increased protections for personal data used commercially, in line with the EU Court of Justice (CJEU), and “provisions to ensure appropriate redress and transparency.”
Privacy International, the Electronic Frontier Foundation, American Civil Liberties Union (ACLU), and Amnesty International USA are just some of the 27 names which have signed the letter.
However, given the agreement has taken over two years to thrash out, and the US’s intransigence on surveillance activities, it’s unlikely to have a major impact.
It should be noted that the group argued that its points still stand even though much of the detail of Privacy Shield has yet to be revealed, simply because the same inadequacies in US law exist as they did when the CJEU effectively scuppered Safe Harbor in its landmark ruling last year.