Making Cloud SLAs readily usable in the EU private sector

EDPS' concerns about EU-US Privacy Shield pact

The EU-US Privacy Shield agreement was supposed to safeguard EU citizens' personal information stored in the US. The agreement was designed to replace the Safe Harbour pact, which the EU Court of Justice ruled invalid.

However, the European Data Protection Supervisor (EDPS) Giovanni Buttarelli has expressed reservations about the agreement: "I appreciate the efforts made to develop a solution to replace Safe Harbour” the EDSP said “but the Privacy Shield as it stands is not robust enough to withstand future legal scrutiny".

Safe Harbour, which was introduced in 2000, was an agreement between the European Union and United States, aimed at providing a direct and reasonable way for US companies to get data from Europe without breaking EU laws. In 2015, the European Court of Justice ruled Safe Harbour inadequate after Edward Snowden’s revealed details about the Prism surveillance scheme operated by the NSA.

In February 2016, the EU and US agreed the Privacy Shield agreement to make it easier for organisations to transfer data across the two continents. This new pact provides:

  • an US ombudsman to handle complaints from EU citizens
  • an annual system review conducted by EU and US
  • written commitments from the US Office of the Director of National Intelligence.

Though, the agreement has been criticised by the Article 29 Data Protection Working Party and also by the EDPS, who echoed by saying the agreement needed to provide "adequate protection against indiscriminate surveillance" and "obligations on oversight, transparency, redress and data protection rights".

 

Source: Data watchdog rejects EU-US Privacy Shield pact, bbc.com