This April 13, the Article 29 Working Party (WP 29, which includes the EU national data protection authorities) expressed its concerns regarding the Privacy Shield during a press conference. The WP 29 will publish its detailed written position at a future date. In short, WP 29 considers, among other things, that:

  • the draft Privacy Shield does not take key data protection principles into account;
  • bulk collection of personal data by U.S. surveillance bodies remains possible; and
  • the independence of the U.S. Ombudsman is not guaranteed.

While recognizing the progress made, compared to the defunct Safe Harbor, the WP 29 invites the EU Commission to resolve all concerns expressed. The EU Commission is not bound by the opinion of WP 29, but failure to address or answer the concerns expressed will certainly weaken the not-yet-born Privacy Shield.

For more information on ex-Safe Harbor and EU-U.S. Privacy Shield, please refer to the following prior Password Protectedblog posts:

EU-U.S. Privacy Shield: Better or Worse?

Replacing Safe Harbor: EU-U.S. Privacy Shield Announced

U.S. Chamber of Commerce and Business Europe Request Quick, Perennial Safe Harbor Fix

Safe Harbor Invalidated by the CJEU; Are There Other Solutions for Transatlantic Transfers?

Means, Other Than Safe Harbor, of Transferring Personal Data to the U.S. Potentially Vitiated?

CJEU Declares the EU Commission Safe Harbor Decision Invalid