EU-U.S. Privacy Shield: hosting in the EU still safer

Earlier this week on 29th February 2016 the European Commission released information about the new transatlantic framework for personal data flows.  The “EU-U.S. Privacy Shield” addresses both the recommendations made by the Commission in November 2013 and the requirements set out by the European Court of Justice in its ruling on 6 October 2015, which declared the old Safe Harbour framework invalid.  According to the Commission the EU-U.S. Privacy Shield provides stronger obligations on companies in the U.S. to protect the personal data of Europeans.

PIN-SME President, Dr Oliver Grün, welcomed the EC Communication “The arrangements restore legal certainty for European businesses. We acknowledge that maintaining a strong EU-U.S. partnership while the limiting intrusive intelligence surveillance is an important step. However, we are critical about the content of such agreements that remedy only partially the safety problems of the old Safe Harbor”.

Despite the newly introduced barriers against industrial espionage, it remains unclear to what extent data can be stored and processed. Bulk collection of data is still permitted in a number of cases that entail national security purposes (e.g. the fight against terrorism).

PIN-SME had repeatedly criticized this practice in the past. The President Grün highlighted “Hosting in the EU remains the safest option if one wants to avoid espionage by American intelligence.”