Buttarelli (EDPS): “Privacy Shield, more robust and sustainable solution needed”

In his capacity as an independent supervisor of the EU institutions and advisor to the EU legislator, the European Data Protection Supervisor (EDPS) today published his Opinion on the EU-U.S. Privacy Shield in which he offers practical solutions to address some of the concerns the proposal raises. Giovanni Buttarelli, EDPS, said in a press realase: “I appreciate the efforts made to develop a solution to replace Safe Harbour but the Privacy Shield as it stands is not robust enough to withstand future legal scrutiny before the Court. Significant improvements are needed should the European Commission wish to adopt an adequacy decision, to respect the essence of key data protection principles with particular regard to necessity, proportionality and redress mechanisms. Moreover, it’s time to develop a longer term solution in the transatlantic dialogue”. In April 2016, the Article 29 Working Party issued an Opinion on the Privacy Shield proposal to which the EDPS contributed as a member. It contains a detailed legal analysis and request for clarification over a number of concerns. The EDPS Opinion has been issued as part of the EDPS’ mission as independent advisor to the EU institutions on the implications of policies which have an impact on the rights to privacy and data protection. For the Privacy Shield to be effective it must provide adequate protection against indiscriminate surveillance as well as obligations on oversight, transparency, redress and data protection rights. The EDPS highlights how he sees essential equivalence working in practice in the context of self-regulation by private organisations where data in transit or transferred to the U.S. may routinely be assessed by law enforcement and intelligence bodies. With the new General Data Protection Regulation (GDPR) to be fully implementable across the EU in May 2018, the EDPS points out that it will be applicable to all data protection related matters including transfers of data. Also taking into account the observations and concerns shared with him by MEPS, industry, civil society academia and other interlocutors, the EDPS urges the legislators to take their time in finding an adequate, long-term solution. He says that international companies supplying goods and services in the EU should be absolutely clear about all the rules they must comply with. In the EU we do not discriminate on the basis of nationality. Key data protection principles must be covered in the Privacy Shield for it to offer essential equivalence between EU-U.S. law. 1 giugno 2016