New EU-U.S. data transfer agreement debuts to high hopes, pot shots- Valutrics

Dissent from Europe

On paper, the EU-U.S. Privacy Shield’s protections are stronger than Safe Harbor’s. There are clear safeguards on how U.S. government and law enforcement agencies can access European consumers’ personal information, and it will also be easier and cheaper for people to file complaints against companies for perceived privacy violations. Also, under the “onward-transfer” provision, third-party contractors such as email-list processors that may handle customer data must also adhere to the framework’s principles.  

But not everyone is happy, with civil liberties groups criticizing the set of laws. Human rights watchdog organization Privacy International has called the document “opaque” and said that there are “no meaningful protections” for European consumers against mass surveillance by the U.S. government. And advocacy group European Digital Rights said the “sham” pact is doomed to fail.

Miriam Wugmeister, a privacy and data security lawyer at law firm Morrison Foerster, said the groups making the criticisms are not taking everything they should into account. They see Privacy Shield, and Safe Harbor before it, as “self-regulatory,” without real implications for violations. That couldn’t be further from the truth, Wugmeister said. Companies that registered for Safe Harbor, for example, “really, actually developed compliance programs.” And the Federal Trade Commission, enlisted to enforce Privacy Shield, takes things like this very seriously.

“This is something that is not understood particularly by Europeans,” Wugmeister said. “The way in which we have regulation in the U.S. is if you publically declare something and don’t do it, the FTC comes after you. It’s public declaration backed by enforcement.”