The Article 29 Working Party held its April plenary meeting last week, where it continued its work preparing for the GDPR, adopted an opinion on the draft e-Privacy Regulation, and discussed the annual review of Privacy Shield.
The Article 29 Working Party has issued a revealing statement about the so-called EU-U.S. Umbrella Agreement, which is aimed at creating a high-level data protection framework in the context of transatlantic cooperation on criminal law enforcement. As a sign of support for the deal, the Working Party welcomes the initiative to set up a general data protection framework in relation to law enforcement cooperation. In a fairly positive tone, the Working Party states that the Umbrella Agreement “considerably strengthens the safeguards in existing law enforcement bilateral treaties with the US, some of which were concluded before the development of the EU data protection framework.” This statement by the Working Party follows its recent announcement that it had created a working group for enforcement actions on organisations targeting several member states, which is yet another sign of the growing international ambitions of the EU data protection authorities.
From the moment that the Chairman of the Article 29 Working Party, Isabelle Falque-Pierrotin, announced at a press conference on 3rd February this year that the Working Party would assess the standing of the EU-US Privacy Shield under EU law, privacy professionals have been waiting to see what the Working Party’s view would be. Earlier this week, on 13th April, the Working Party provided their initial opinion. On the one hand, the Working Party welcomed the significant improvements of the Privacy Shield as a positive step forward. Yet, on the other hand, the Working Party set out their strong concerns on the commercial aspects of the Privacy Shield and the ability for US public authorities to access data transferred under the Privacy Shield. The opinion concluded by urging the European Commission to resolve these concerns and improve the Privacy Shield.
Following the announcement by the European Commission of the newly agreed EU-US Privacy Shield, the missing piece of the jigsaw was the Article 29 Working Party’s stance on the adequacy of the existing mechanisms in place—in particular, standard contractual clauses and binding corporate rules. So after two days of intense discussions, the Working Party has issued a statement with its latest position, which is the follow up to their original reaction to the invalidation of Safe Harbor last October. The bottom line: the Working Party still does not view US government surveillance laws as sufficiently protective of privacy—a position which calls all transfers of personal data to the US in question, regardless of the methods used to legitimise the transfer—but they will reconsider this position in light of the Privacy Shield in the coming months.