Skip to the content


EU privacy watchdog rejects US data agreement

EU's data privacy

​A proposed data agreement between the European Union and the United States has been handed dealt a blow, with Europe's data privacy watchdog stating that the pending deal needs substantial improvements.

In a statement, European data protection supervisor Giovanni Buttarelli said that the Privacy Shield, which was initially brought in to replace the Safe Harbor agreement, was "not robust enough to withstand future legal scrutiny before the [European high court]".

The Safe Harbor agreement was overturned by the European high court last Autumn, with officials claiming that the US was unlikely to be able to meet the EU's privacy standards, amid the country's intelligence practices being revealed by former National Security Agency contractor Edward Snowden.

It is arguably the same concerns that have stifled the latest deal, with critics warning that the US needs to overhaul its laws surrounding privacy and national security, adding that current legislation was unlikely to stand up in European courts.

These concerns come amid increasing pressure on Europe to negotiate the terms of the deal, which was initially agreed by the European Commission and the US in February.

When announcing the Privacy Shield measures earlier this year, officials at the European Commission said the US had provided “detailed written assurances” that surveillance of Europeans’ data by intelligence agencies would be subject to certain limitations.

However, while Buttarelli said those limitations had been made explicit, they were nevertheless still too broad.

Under the original Safe Harbor agreement, the access to data for national security was considered an exception, “the attention devoted in the Privacy Shield draft decision to access, filtering and analysis by law enforcement and intelligence ... indicates that the exception may have become the rule," Buttarelli said.

“While we welcome the transparency of the US authorities on this new reality, the current draft decision may legitimise this routine."

The intention behind the deal is to ensure US firms can continue to legally handle the data of European citizens when outside the EU, but critics have claimed the measures simply do not go far enough to protect the data and privacy of citizens.

As a result, EU lawmakers last week recommended that the European Commission address perceived "deficiencies” in the agreement.

But getting the US around the table to discuss terms could be a difficult proposition, with the US Department of Commerce reportedly hesitant to renegotiate the deal with the Commission.

However, the consequences of the two parties not reaching an agreement could well force their hand, with business on both sides of the Atlantic believed to have concerns over how such a situation will impact profits.