EU privacy watchdogs raise concerns with US data deal

Europe’s privacy regulators on Wednesday urged the European Commission to resolve concerns that the scope of U.S. surveillance allowed under a pending U.S.-European Union data transfer deal is too broad, according to Reuters.

“The possibility that is left in the [Privacy] Shield for bulk collection which if massive and indiscriminate is not acceptable,” said Isabelle Falque-Pierrotin, chairwoman of the group of 28 data protection authorities.

{mosads}The so-called Privacy Shield is intended to replace a 2000 agreement that allowed U.S. firms to legally handle European citizens’ data. It was struck down in October over privacy concerns, leaving negotiators racing to craft the new arrangement. 

Falque-Pierrotin also expressed concern that a U.S. privacy ombudsman at the State Department, established by the deal to handle complaints that national security agencies have violated privacy rights, would be ineffective.

“We don’t have enough security guarantees in the status of the ombudsperson,” Falque-Pierrotin said.

The working party’s nonbinding opinion has been tensely awaited as a barometer for the deal’s ultimate viability. 

Onlookers widely anticipated that the group of regulators would not be satisfied the new deal adequately protects EU citizens’ privacy.

Falque-Pierrotin has previously expressed concerns with the scope of U.S. surveillance permitted under the new agreement.

Critics have long warned that unless the U.S. overhauls its privacy and national security laws, there is no legal framework that can stand up in European courts, where privacy is considered a fundamental right under the EU Charter.

In announcing the deal, European Commission officials insisted that the Washington had provided “detailed written assurances” that surveillance of data by U.S. intelligence agencies would be subject to appropriate limitations.

“The U.S. has clarified that they do not carry out indiscriminate surveillance of Europeans,” Andrus Ansip, vice president for the digital single market on the European Commission, said when the deal was announced.

The pact must also clear other hurdles, including a resolution by the European Parliament, before it can be finalized by the two governments.

And even if the deal is finalized, the European high court will likely still weigh in on its validity. Privacy Shield’s predecessor, the 15-year-old Safe Harbor framework, was struck down when the court deemed that the U.S. could not be trusted to adequately protect EU citizens’ privacy because of its surveillance practices.

If the deal is not finalized, businesses fear a chilling of transatlantic trade, valued at $1 trillion in 2014.