The European Union and U.S. agreed to changes to the Privacy Shield pact that officials hope will appease privacy concerns raised by privacy regulators. The agreement was sent to member states of the European cooperative on Friday and a vote on the changes is expected in early July.
Supporters hope the recent changes will facilitate international business cooperation following a European court decision last year that ruled the previous Safe Harbor pact invalid. The Privacy Shield agreement has been beset by similar privacy. European Data Protection Supervisor (EDPS) Giovanni Buttarelli issued a resolution in May that said the agreement failed to provide “adequate protection against indiscriminate surveillance.”
The agreement’s changes include new rules that affect bulk data collection and proposed safeguards governing use of that data, including rules ensuring companies delete data. An independent watchdog unaffiliated with intelligence agencies will be appointed, and the U.S. government will issue a statement promising that government bulk collection of data sent by Europe will be “as targeted and focused” as possible.
Privacy organizations and technology companies alike are displeased with the developments, especially in light of recent legislative and judicial developments in the U.S. that have eroded limits on surveillance, including a vote against an amendment introduced in the House that would have banned warrantless surveillance. The Senate is considering a proposal to the Senate Intelligence Authorization Act that would limit privacy and civil liberties oversight. The provision would expand the use of National Security Letters and limit the U.S. Privacy and Civil Liberties Oversight Board’s (PCLOB) review to only consider the privacy interests of “U.S. persons.”
A coalition of think tanks, privacy groups, and technology companies are asking U.S. lawmakers to reject a provision of the Intelligence Authorization Act. Limiting PCLOB’s authority to citizens and lawful permanent residents of the U.S. would “undermine the nascent Privacy Shield agreement, putting trans-Atlantic trade that is critical to the economy of the U.S. and Europe at greater risk,” the group wrote in an open letter Friday. The coalition includes the Center for Democracy and Technology (CDT), Brennan Center for Justice, New America’s Open Technology Institute, Google, Intel, Microsoft, Symantec, among other enterprises and organizations.
The Privacy Shield changes are unlikely to address the concerns raised by privacy advocates and EU courts, say industry pros. “The fact that there is a fundamental difference of opinion over the term ‘surveillance,’ namely collection of data vs. analysis of collected data, underscores both the complexity of the issue and how far both sides are from ratifying this agreement,” wrote Accellion CEO Yorgen Edholm, in an email to SCMagazine.com. “We may be closer but we still have a long way to go.”