The European Commission has announced new and unprecedented limitations on transnational bulk collection as part of Privacy Shield.
Tiina Astola, deputy director-general of the Directorate-Generale of Justice and Consumers for the European Commission, told the European Parliament that Europe had “clear and unprecedented written assurance” that access to European individuals' data in the US will only be used as needed by security services.
This came as the European Committee on Civil Liberties, Justice and Home Affairs convened a hearing on the developments on the new privacy regime, governing the transfer of data between the shores of the Atlantic.
Privacy Shield is intended as a replacement for Safe Harbour, the EU's previous means of ensuring the private data collected and held in Europe would be treated by organisations as if they were operating in Europe. Safe Harbour was struck down in October 2015, when the European Courts of Justice found that it came into conflict with Article 8 - the right to privacy - of the European Convention on Human Rights.
“Privacy shield negotiations with our American partners were not always easy,” said Astola as she opened today's hearing on the incoming Privacy Shield.
She announced that the EU, as part of Privacy Shield negotiations, had received written assurances of safeguards against the bulk collection of European data by the US. This is, she said, “Clear and unprecedented written assurance” and “the first time we have obtained anything like this from the US side.”
“Generalised collection of data for national security is unacceptable,” said Astola, as she praised the European court's citation of the fact that Safe Harbour contained nothing on national security interest.
Furthermore, and perhaps most importantly, Privacy Shield will make security services, “Always prioritise targeted collection over bulk collection and will only use bulk collection when needed.”
Also speaking were Ted Dean, deputy assistant secretary for services at the US Department of Commerce, who assured the committee, “A number of US government agencies have made commitments” to Privacy Shield.
Dean added that each each commitment has been made at cabinet or agency level, granting those commitments a considerable amount of legitimacy.
The committee expressed scepticism at these developments, pressing Dean and Astola for details. Sophia in 't Veld of the Group of the Alliance of Liberals and Democrats for Europe asked for the concrete legal status of these so-called ‘written assurances', adding: “What will they be worth if they are signed by President Trump?”
Bruno Gencarelli, head of the data protection unit of the Directorate-General of Justice, replied that while the negotiations were between the EU Commission and the US Department of Commerce, the US negotiators spoke with the authority of the US government, adding the commitments “will bind the US administration until they are repealed or withdrawn”.
Dean added that there will be no need to wait for review if the commitments were walked away from. He said, “If there's any walking away from this commitment, it will be realised very quickly.”
In 't Veld was dissatisfied with the response to her question, saying, “I asked about the legal status and all I get is the scout's honour of the presidents.”