The review of the proposed Privacy Shield data transfer agreement should have been done more formally and asked the correct questions.
Speaking at the IAPP Conference in London, outgoing Information Commissioner Christopher Graham, whose seven-year term ends in June, said that he “wished we had been involved” in discussions around Privacy Shield.
Saying that when the Article 29 Working Party were reviewing documents, it would be sensible if the European Court of Justice and USA had sat down and asked the important questions about the proposal, and asked questions about the lack of clarity around the documentation and the justification for bulk data collection.
“We were concerned about the process of transferring data to the USA which was moved on to third countries, and these are perfectly reasonable questions to ask and if there are not answers, there will only be trouble down the road,” he said.
“I would urge corporates - who have an interest in getting this thing sorted out so we can move on to more constructive uses of our time - to have a word in the ear of the administration to get answers to the questions so we can all move along, as the amount of data moving between Europe and the USA is important, and that underpins the prosperity on both sides of the Atlantic. So we need to get on with that.”
Last week the Article 29 Working Party. – a group comprised of representatives from member states’ data protection authorities, rejected the Privacy Shield data sharing agreement between the EU and the United States, claiming that several points need to be clarified to ensure the safety of citizens’ data.
It said in a statement that while it welcomes the significant improvements brought by the Privacy Shield compared to the Safe Harbor decision, it had strong concerns on both the commercial aspects and the access by public authorities to data transferred under the Privacy Shield.