The statement refers to the Privacy Shield approved by the European Commission on July 12, 2016 (see here) and addresses the changes brought to the text of the document after the last rounds of negotiations.
Particularly, the WP29 highlighted that a number of the concerns the group previously highlighted (see here and here) remain. The WP29’s concerns focus on some commercial aspects and on the U.S. Government’s access to data transferred from the EU.
As for the commercial aspects, the WP29 stresses “the lack of specific rules on automated decisions and of a general right to object”. In addition, the WP29 hosts doubts on how the Privacy Shield Principles will apply to processors.
As for the access by public authorities to data transferred from Europe, the WP29 notes that the independence and the powers of the Ombudsperson are not strictly guaranteed. It appreciates ODNI (Office of the Director of National Intelligence)’s commitment not to conduct bulk collection of personal data. “Nevertheless, it regrets the lack of concrete assurances that such practice does not take place”.
At the time of the first Joint Annual Review – which will probably take place at the beginning of Summer 2017- it will be possible to verify the robustness and efficiency of the Privacy Shield.
In the meanwhile, the WP29 promises to assist data subjects with exercising their rights under the Privacy Shield and assures data controllers that it will soon provide information, guidance, and suggestions to get organized under the new rules.
For more information, Francesca Giannoni-Crystal