The Privacy Shield data transfer agreement with the US could go into effect this June, Digital Commissioner Günther Oettinger said yesterday (14 March).
At the end of February the European Commission published several letters from US officials, including Secretary of State John Kerry, who promised to step up their response to EU citizens’ privacy complaints as part of the new deal. A committee made up of officials from member states is still negotiating over the details in closed-door meetings.
The agreement will be finalised once the committee gives its stamp of approval, although details can still be changed until then.
“In the next few weeks it will be evaluated by the member states’ data protection authorities. Our goal is for it to go into effect in June,” Oettinger said at the CeBIT trade fair in Hannover, Germany.
“Without a rule, without an agreement for how we’ll deal with data, how it will be stored and how limited intelligence services’ access should be, speaking of the NSA, trust in cloud services will be low,” Oettinger added.
Commission officials said last month that they hoped to finalise the Privacy Shield by June, despite criticism from privacy campaigners and an upcoming meeting of national privacy authorities over the agreement.
The data protection watchdogs from EU member states are meeting on 12-13 April and will issue an opinion on the deal, although it won’t be binding. But the authorities will play a big role in how Privacy Shield is enforced: they’ll be tasked with investigating complaints about the agreement.
A European Commission official told EurActiv last month that the executive will listen to the data protection authorities’ opinion “if it makes sense” and urged the group of watchdogs to approve the deal quickly.
Following Oettinger’s speech, German Minister of Economics Sigmar Gabriel presented his ministry’s new national agenda to develop digital infrastructure by 2015 at the annual fair.
The 60-page document calls for fibre-to-the-home gigabit broadband networks to cover the country by 2025 and cites a €100 billion investment gap. According to the new agenda, the German government will earmark €10 billion for building the networks for fast broadband, using profits from upcoming spectrum auctions.
In the European Commission’s latest digital rankings published last month, Germany eighth out of 28 member states on internet connectivity, but was slammed for its slow broadband.
The US-EU Safe Harbour agreement allowed over 4,000 companies to transfer data from the EU to the US - provided the companies guaranteed the data's security abroad. EU law considers data privacy protections to be inadequate in the US. In October 2015, the European Court of Justice (ECJ) ruled Safe Harbour to be invalid on grounds that government surveillance in the US threatens the privacy of EU citizens' data, and that there is no judicial redress for EU citizens whose data is accessed by state surveillance agencies in the US.
Since the ECJ decision, EU and US negotiators have sped up their talks to strike a new data transfer agreement. European data protection authorities from the 28 EU member states met after the ECJ decision, and asked the Commission to come up with a new deal by the end of January 2016. The data protection authorities are tasked with investigating and deciding on privacy complaints in their own member states.
European Commission: text of EU-US Privacy Shield agreement (29 February 2016)