- The working group criticizes the fact that the Privacy Shield does not provide for a general right to object and no specific rules for automated decisions.
- Stricter assurances from the USA on official data access and comprehensive access to information for the EU data protection authorities during the annual review are required.
The Article 29 Working Party today (July 26, 2016) issued a press release (Article 29 Working Party Statement on the decision of the European Commission on the EU‑U.S. Privacy Shield) commented on the introduction of the Privacy Shield.
- The Working Party regrets that the Privacy Shield does not introduce a general right to object or rules specifically applicable to automated decisions with respect to the economic aspects of data sharing.
- Regarding the access of U.S. authorities to the transferred data, the working group would have hoped for stricter assurances from the U.S. regarding the independence and competencies of the ombudsman office.
- With regard to the collection of personal data on a large scale, the working group lacks a concrete assurance from the U.S. authorities to actually refrain from such practices.
Furthermore, the first joint annual review of the adequacy decision will prove to be a crucial moment to assess the stability and efficiency of the Privacy Shield. This also in view of the standard contractual clauses and binding internal data protection rules. Therefore, it is of great importance that all parties involved in the review – i.e. also the EU data protection authorities – have access to all necessary information. In particular, also to information that allows an assessment of the proportionality with regard to the collection of personal data by U.S. authorities.