The Art. 31 Committee, bringing together experts from all EU Member States, finally voted, last 8th July, in favour of the Privacy Shield agreement between the EU and the US. Four national data experts, however, abstained from the vote. According to some sources, they were representatives from Austria (who had already voted against the General Data Protection Regulation), Bulgaria, Croatia and Slovenia.
The agreement was subsequently adopted by the Commission on 12th July to become operational on 1st August, enabling companies to sign up to it with the US Department of Commerce, who is in charge of verifying whether their privacy policies comply with the agreement.
One day earlier, on 29th July, the Article 29 Working Party (29WP) released a statement on the Decision of the Commission on the EU-U.S. Privacy Shield. In this declaration, the 29WP commended the Commission and the US authorities for having taken into account the concerns and doubts it had previously expressed, but it also underlined the fact that some of them remained unanswered.
According to the 29WP, unanswered concerns include, in particular, commercial aspects and the access to EU data by US public authorities. The 29WP also declared that it
“would have expected stricter guarantees concerning the independence and the powers of the Ombudsperson mechanism”
and that the first annual review of the agreement will represent a key moment for the efficiency of the agreement to be further assessed.
Despite declarations by Penny Pritzker, US Secretary of Commerce, that the US has been “unusually transparent” concerning the operational methods of its security agencies and her repeatedly stressing the efforts made by the US in order to meet the EU’s demands, the agreement has met further criticism.
For example, the green German MEP Ian Philipp Albrecht argued that it does not address the concerns outlined by the European Court of Justice when it annulled the old Safe Harbour agreement. The Austrian lawyer and digital rights activist Max Schrems declared instead that he was sure that the new Agreement would not survive a legal challenge.
Just born, the EU-US Privacy Shield is, in the eyes of many, already doomed.