(Image credit: Getty Images)
03 Nov 2016 , 13:51
A new EU-U.S. pact governing the transfer of personal data faces a second legal challenge, putting the details of the deal which underpins billions of dollars of transatlantic trade in digital services under further scrutiny. French privacy advocacy group La Quadrature du Net, non-profit Internet service provider French Data Network and its Federation FDN industry association have now challenged the adoption of the Privacy Shield pact by the European Commission at the Luxembourg-based General Court, following in the steps of Irish group Digital Rights Ireland.
The Privacy Shield agreement was reached earlier this year after the European Union’s highest court struck down the previous Safe Harbor Principles used by companies to enable them to transfer Europeans’ personal data to the United States, due to concerns about intrusive U.S. surveillance of online data. The new agreement gives businesses storing Europeans’ data on U.S. servers – from human resources information to people’s browsing histories and hotel bookings – an easy way to do so without falling foul of tough EU private data transfer rules.
More than 500 companies have signed up to Privacy Shield so far, including Google, Facebook and Microsoft, while over 1,000 are being processed by the U.S. Department of Commerce. The agreement seeks to strengthen privacy protections for EU citizens by giving them a means of seeking redress in the case of disputes, including through a new privacy ombudsman within the State Department who will deal with complaints from Europeans about U.S. spying.
But the objectors say that restrictions on U.S. surveillance activities – in particular the bulk collection of data and the purposes for which the data can be used – are inadequate and therefore the Privacy Shield agreement should be annulled. Under EU law companies or individuals may challenge EU acts before the EU courts if they are directly concerned within two months of the act coming into force, otherwise they have to go through national courts, a process which takes longer.
However both challenges face a strong risk of being declared inadmissible if the court finds that the associations are not directly concerned. In their challenge the French groups say that the U.S. ombudsman is not an effective mechanism for dealing with complaints. “The fact that it relies on so-called ‘independent’ instruments is in no way sufficient to consider it an independent judicial entity,” they said.
A spokesman for the European Commission, which negotiated the Privacy Shield with Washington, said it was aware of the new complaint. “We don’t comment on ongoing court cases. As we have said from the beginning, the Commission is convinced that the Privacy Shield lives up to the requirements set out by the European Court of Justice, which have been the basis for the negotiations,” Christian Wigand said.
The U.S. Department of Commerce did not respond to questions about the second challenge.
Reuters