The monthly law journal which covers all aspects of data protection and data privacy: data transfer & outsourcing, marketing and e-marketing, freedom of information (FOI), employee monitoring, privacy compliance, online data acquisition and consent, personal data, website compliance and emerging technologies such as behavioural advertising, cloud computing and smart grids. / read more
This title is as sensationalist as this piece is going to get. I say this, because the announcement by the Article 29 Working Party (‘WP29’) on their stance on the EU-US Privacy Shield has been surrounded by much drama and somewhat exaggerated headlines. When it comes to transatlantic data flows between the EU and the US, we don’t need drama, we need a legal mechanism to overcome a slightly draconian prohibition and, more importantly, a way to extend the protection of personal data beyond the EU’s borders. The concerns raised by the WP29 may have been disappointing to those involved in crafting the Privacy Shield, but they were foreseeable given the huge sensitivities around surveillance and the feeling amongst privacy regulators that preventing a ‘1984’-type dystopia - as remote as it may seem in our democratic cultures - is their number one priority.
For what it’s worth, a team of us at my firm carried out a detailed legal analysis of the Privacy Shield following its publication. We considered the historical background that preceded the adoption of the Privacy Shield and the precise legal test created by the Court of Justice of the European Union (‘CJEU’) to determine its validity. Applying our knowledge and understanding of European and US law and our interpretation of the fundamental data protection legal principles, we concluded that the Privacy Shield Framework provided an ‘essentially equivalent’ level of protection to that afforded by European law. We did not say the Privacy Shield was a perfect framework for protecting personal data, in the same way that Europe’s regime is not a perfect one either. But we took the view that, in light of the range of protections in place, it was reasonable to see the glass half full and that regulators and courts should also see it that way.