Skip to main content

US promises not to spy on Europe in updated Privacy Shield

The replacement for data protection arrangement Safe Harbour, the EU-US Privacy Shield, has undergone final amendments. Safe Harbour has already been deemed invalid, and frantic talks have been underway to finalise its successor.

Despite gaining the backing of Microsoft, EU-US Privacy Shield has faced a great deal of criticism. In the wake of the Brexit vote in the UK referendum on EU membership, the UK may be forced to comply with the rules even though it is in the process of exiting the Union. One of the most significant changes to come about - and one that will be welcomed by privacy advocates - is a promise from the White House not to engage in indiscriminate bulk data collection of European data.

Assuming there is agreement by EU member states, the EU-US Privacy Shield agreement could come into force in July. The promise from the US is likely to have a positive impact on the agreement's reception. In a written agreement, the White House says that it will not engage in NSA-style bulk data collection of data transferred between the EU and the US, apart from under specific conditions, and even then only in a " targeted and focused" manner.

Other changes include a requirement for companies to delete retained data when it no longer serves the purpose for which it was collected. In addition to this, the US ombudsman that is due to be set up to oversee complaints will have to be completely independent of national security services.

But the full impact of the Brexit vote is yet to sink in. A spokesperson for the Information Commissioner's office said: "If the UK wants to trade with the single market on equal terms we would have to prove 'adequacy' - in other words, UK data protection standards would have to be equivalent to the EU's General Data Protection Regulation framework starting in 2018. With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial both to businesses and organisations and to consumers and citizens.

This means that despite having voted to step away from EU regulations, the UK may have no option but to bow to them anyway.

Photo credit: deepadesigns / Shutterstock