DPAs may not agree to the Privacy Shield Agreement

Leaked documents, which come from a number of German members of the Article 29 working group, indicate that the consultative body of the European privacy regulators will not agree to the Privacy Shield agreement. This recently replaced the invalid Safe Harbor arrangement.

The documents, which previously appeared on a blog but have now been removed, have been viewed by Ars Technica. The site writes that it shows that the Article 29 Working Group is “not yet in a position to confirm that the Privacy Shield guarantees the same protection in the US as it does in the EU.” This is problematic, because the new agreement should ensure that a corresponding level of protection is provided. If this is not the case, the European Court can again rule that the agreement is invalid, just as it did with the previous Safe Harbor arrangement.

Another passage from the leaked documents describes that no conclusion can yet be reached on the Privacy Shield, as certain aspects of the agreement related to national security could affect the validity of ways of storing personal data in the US. However, it is unclear which aspects or ways are meant by this.

A negative decision by the Article 29 Working Group does not mean the end of the Privacy Shield, as the consent of the body is not a requirement for adoption of the agreement. Therefore, privacy regulators are said to have already stated in the documents that they will support lawsuits challenging the validity of the Privacy Shield, if the agreement is passed despite their advice.

The Privacy Shield is the successor to the Safe Harbor arrangement that was declared invalid by the European Court, which allowed companies to store personal data of EU citizens in the US. The preliminary text of the new agreement was presented at the end of February. The Article 29 Working Group has been discussing the proposal for the past two days and is likely to issue an official position shortly.