To say that reactions on Twitter to the new Privacy Shield have been mixed is a significant understatement.
The release of the details of the scheme by the US department of Commerce prompted Vera Jourová, the European Commissioner for Justice, Consumers, and Gender Equality and co-designer of the scheme to tweet “The new Privacy Shield will bring robust EU Data P for Europeans’ data in the U.S. Trust is key for transatlantic data transfer.”
There was, however, and altogether different reaction from Max Schrems, whose campaign of attrition took Safe Harbor the previous mechanism for Europe/US data transfers down. His tweets dissected weaknesses of the scheme and ridiculed it saying “They put ten layers of lipstick on a pig but I doubt the Court + DPAs suddenly want to cuddle with it.”
The ICO is taking a calm view of the situation with tweets referring to advice it gave last month including the reassuring message that, “we will not be seeking to expedite complaints about Safe Harbor while the process to finalise its replacement remains ongoing and businesses await the outcome.” This is in contrast to German and French regulators who are said to be cooking up prosecutions of large multinationals based on continued reliance on Safe Harbor.
In a slightly more helpful tweet, the US Department of Commerce provided a reference to their Fact Sheet on the Privacy Shield.
The proposals include a draft “adequacy decision” which will now be evaluated by the Article 29 Working Party which is likely to issue its verdict at the end of April.
3rd March 2016
Copyright DPN
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance to the Data Protection Act 1998 or other statutory measures referred to in the document.
Copyright DPN
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.