The newly announced EU-US Privacy Shield -- which is designed to protect data transfers between Europe and the United States -- is triggering a fresh round of questions from watchdog groups and some software companies that work closely with cloud service providers (CSPs). The debate is especially important to channel partners that seek to move or manage data between the two continents.
EU-US Privacy Shield is designed to replace Safe Harbor, a privacy agreement that came under fire because of U.S. and NSA spying activities. The Privacy Shield agreement, announced yesterday, still faces close scrutiny from the European Union's 28 member countries.
EU-US Privacy Shield Concerns
Critics of the policy already are starting to emerge. WP29 -- a watchdog group also known as the Article 29 Working Party -- says it needs more time to study the agreement before weighing in with an informed opinion.
Before the Privacy Shield agreement emerged, WP29 said "intelligence services should respect four essential guarantees when dealing with data on EU citizens -- clear rules on processing, access based on need and proportionality, independent oversight and effective remedies," according to Reuters.
In an updated statement following the Privacy Shield's announcement, the WP29 added, "We have concerns on the transfer regarding the scope of surveillance and particularly the remedies. The question is whether the (new) arrangement answers these concerns or not," Reuters reported.
US Mass Surveillance Concerns
Meanwhile, some cloud services providers and software companies that work with CSPs are raising concerns. According to Open-Xchange CEO Rafael Laguna:
"Unfortunately, it is highly unlikely that this ‘shield’ will defend European privacy rights in any meaningful way. Despite claims of ‘clear’ safeguards and ‘transparent’ obligations, without further definition around these terms, no legally binding improvements have been made. It is no relief to know that European complaints around the misuse of data will be referred to an ombudsman from the US State Department. Ultimately, the central issue behind the ECJ’s original ruling has not been addressed: mass surveillance is still permissible whenever the US government deems it necessary. Fortunately for European privacy advocates, it is more than likely that the ECJ will reject this agreement on the ground that is still does not effectively safeguard European citizens from American surveillance."
Open-Xchange promotes an open source email and collaboration system that channel partners promote and CSPs host worldwide.
The EU-US Privacy Shield is expected to receive plenty of additional scrutiny before regulators ultimately decide to approve or reject the agreement.