Privacy shield review: EU renews calls for permanent ombudsperson

EU Commissioner in charge of justice, consumers and gender equality Vera Jourova gives a press conference in Brussels, Belgium, 10 December 2018 [EPA-EFE/OLIVIER HOSLET]

The European Commission has put pressure on US authorities to nominate a permanent ombudsperson for its data protection agreement with the US, with Justice Commissioner Věra Jourová saying that her “patience is coming to an end” on the issue.

Responding to a question from EURACTIV during a press conference on Wednesday (19 December), Jourová revealed that US counterparts had asked her for patience on appointing a permanent ombudsperson to deal with complaints issued as part of the EU-US privacy shield agreement.

The accord obliges the US to protect personal data belonging to EU citizens, while also creating a framework that allows for the safe transmission of data across the Atlantic for commercial purposes.

US taking privacy shield deal seriously, EU officials say

The US is making a number of steps in the right direction in order to fall in line with the EU-US privacy shield agreement, EU officials said on Thursday (18 October). The comments came as the Commission entered the first round of talks for the second annual review of the pact. 

In early 2017, an acting member of staff was put in place for the role, and the US announced in September of this year that Manisha Singh had been given the temporary role of privacy shield ombudsperson.

Jourová said on Wednesday that the US authorities had informed her of the lengthy and demanding process of appointing a permanent member of staff for the post. However, this did not seem to allay the Commissioner’s concerns.

“The nomination of an ombudsperson was already a prominent point in the first annual review,” Jourová said. “We have to deal with this issue again.”

More generally, the Commission applauded the US’s convergence with EU data standards in the second annual privacy shield review, with the statement sating that the country “continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the EU to participating companies in the U.S.”

Improvements were judged to have been made in random spot check processes as well as in the privacy policies of affected companies.

Moreover, the Federal Trade Commission has demonstrated a more proactive approach to compliance with the privacy shield in actively pursuing the acquisition of relevant information from participating companies, and the Privacy and Civil Liberties Oversight Board have appointed new members who have been working to ensure that privacy protections for non-Americans are implemented across the US intelligence community.

EU-US Privacy Shield review: Jourová to meet US secretary amid compliance concerns

The EU’s Justice Commissioner Věra Jourová will sit down with US Secretary of Commerce Wilbur Ross on Thursday (18 October), as they launch a review of the EU-US privacy shield, while certain EU MEPs remain unconvinced by the agreement.

After an October meeting with EU officials, EURACTIV previously revealed that the US had started to comply more rigorously with the privacy shield agreement.

However, the accord, which has been operational since 1 August 2016, has not been without controversy.

In early October, MEPs from ALDE, GUE/NGL and S&D wrote to Commissioner Jourová, putting pressure on her to clarify the ‘concrete steps’ taken by the US to comply with the shield, after reports of non-compliance surfaced.

The communication followed a resolution in the European Parliament that called on the Commission to consider suspending the privacy shield until the US authorities “comply with its terms.”

With a general increase in compliance with the privacy shield agreement, the EU’s objectives are now firmly centred on putting pressure on the US appoint a permanent ombudsperson by 28 February 2019.

If no adherence were to be reached in this area, the Commission said on Wednesday that punitive measures against the US, in accordance with the General Data Protection Regulation, would be sought.

Subscribe to our newsletters