Following the recent announcement by the US and the EU that Privacy Shield is agreed and from 1st August will be ready for business, the Article 29 Data Protection Working Party (the Working Party) recently issued its Opinion (WP238) expressing concerns and asking for various clarifications.

Whilst the Working Party commends the European Commission and the US for finally launching Privacy Shield, the Working Party is particularly concerned at “the lack of specific rules on automated decisions and of a general right to object.“ It also is unclear “how the Privacy Shied Principles shall apply to processors.”

In addition to the above concerns the Working Party states in its Opinion that “it would have expected stricter guarantees concerning the independence and the powers of the Ombudsperson mechanism.” With US organisations able to begin certifying compliance to Privacy Shield from 1st August there are now a lot of decisions to be taken as to whether Privacy Shield is more for show than for protection, and with so many international businesses having already opted for the use of Model Clauses or Binding Corporate Rules for data transfers, maybe Privacy Shield will be more hung on the wall than armed for action.