Written By ESR News Blog Editor Thomas Ahearn
European Union (EU) data protection watchdog group Article 29 Working Party has released a statement about the EU-U.S. Privacy Shield that “welcomes the significant improvements brought by the Privacy Shield compared to the Safe Harbor decision” but also expresses “strong concerns on both the commercial aspects and the access by public authorities to data transferred under the Privacy Shield.”
According to the statement, the EU-U.S. Privacy Shield “needs to be consistent with the EU data protection legal framework, both in scope and terminology.” The Article 29 Working Party has several concerns about the commercial aspects of the EU-U.S. Privacy Shield Framework and found some key data protection principles as outlined in European law are not reflected in the Privacy Shield.
- The application of the purpose limitation principle to the data processing is unclear.
- The data retention principle is not expressly mentioned and cannot be clearly construed from the current wording of the text.
- There is no specific wording on the protection that should be afforded against automated individual decisions based solely on automated processing.
The Article 29 Working Party also has concerns about access by public authorities to data transferred under the Privacy Shield. In its statement the Article 29 Working Party “regrets that the representations of the U.S. Office of the Director of National Intelligence (ODNI) do not provide sufficient details in order to exclude massive and indiscriminate collection of personal data originating from the EU.”
The Article 29 Working Party is an independent advisory body on data protection and privacy composed of representatives from the national data protection authorities of EU Member States, the European Data Protection Supervisor, and the European Commission. To read the full statement, click on this link: STATEMENT OF THE ARTICLE 29 WORKING PARTY ON THE OPINION ON THE EU-U.S. PRIVACY SHIELD.
As reported earlier by ESR News, the EU and U.S. agreed to create the new Privacy Shield after the European Court of Justice (ECJ) ruled that the Safe Harbor data transfer pact was invalid. The full text of the EU-U.S. Privacy Shield Framework that will govern data transfers between the EU and the U.S. is available on the U.S. Department of Commerce website at https://www.commerce.gov/privacyshield.
ESR Protects the Privacy of Consumer Data
Employment Screening Resources® (ESR), a leading global provider of background checks, completes an annual SOC 2® Type 2 Data Security Audit that confirms ESR meets high standards for protecting the security, confidentiality, and privacy of consumer data used for background checks. For more information about ESR, please call toll free 888.999.4474 or visit http://www.esrcheck.com.
NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this web site is for educational purposes only.
© 2016 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.