The Artic­le 29 Working Par­ty expres­ses its views on the intro­duc­tion of the Pri­va­cy Shield

The Artic­le 29 Working Par­ty today (July 26, 2016) issued a press release (Artic­le 29 Working Par­ty State­ment on the decis­i­on of the Euro­pean Com­mis­si­on on the EU‑U.S. Pri­va­cy Shield) com­men­ted on the intro­duc­tion of the Pri­va­cy Shield.

• The Working Par­ty reg­rets that the Pri­va­cy Shield does not intro­du­ce a gene­ral right to object or rules spe­ci­fi­cal­ly appli­ca­ble to auto­ma­ted decis­i­ons with respect to the eco­no­mic aspects of data sharing.
• Regar­ding the access of U.S. aut­ho­ri­ties to the trans­fer­red data, the working group would have hoped for stric­ter assu­ran­ces from the U.S. regar­ding the inde­pen­dence and com­pe­ten­ci­es of the ombuds­man office.
• With regard to the coll­ec­tion of per­so­nal data on a lar­ge sca­le, the working group lacks a con­cre­te assu­rance from the U.S. aut­ho­ri­ties to actual­ly refrain from such practices.

Fur­ther­mo­re, the first joint annu­al review of the ade­qua­cy decis­i­on will pro­ve to be a cru­cial moment to assess the sta­bi­li­ty and effi­ci­en­cy of the Pri­va­cy Shield. This also in view of the stan­dard con­trac­tu­al clau­ses and bin­ding inter­nal data pro­tec­tion rules. The­r­e­fo­re, it is of gre­at importance that all par­ties invol­ved in the review – i.e. also the EU data pro­tec­tion aut­ho­ri­ties – have access to all neces­sa­ry infor­ma­ti­on. In par­ti­cu­lar, also to infor­ma­ti­on that allo­ws an assess­ment of the pro­por­tio­na­li­ty with regard to the coll­ec­tion of per­so­nal data by U.S. authorities.