11th Hour U.S.-EU Deal Protects Online Advertising Industry, But Storm Clouds Ahead

February 5, 2016

In a last minute major push to maintain the ability for companies to transfer consumer data between the European Union and the United States, negotiators from both continents finally have come to an agreement – the new “EU-U.S. Privacy Shield.” ANA applauds the creation of this agreement, which replaced the invalidated Safe Harbor pact, as it could save multinational companies from potentially having to spend billions of dollars to create complex and disruptive new methods of transatlantic data transfer.

One key piece of the new agreement includes safeguards and transparency obligations for U.S. government access to data. This means access by U.S. law enforcement and national security organizations to the data from Europe will be subject to new limitations. Annual reviews by the European Commission and U.S. Department of Commerce will provide oversight of the arrangement, with European Data Protection Authorities (DPAs) and U.S. intelligence experts able to attend the reviews.

A second component of the Privacy Shield will require American companies that import personal data from the EU to comply with strong public obligations regarding data processing. The Department of Commerce will monitor compliance and the Federal Trade Commission will have the enforcement authority. Redress mechanisms for EU citizens make up the final key component of the new agreement. EU citizens now have several methods to address their concerns if they believe their data has been misused.

While the Privacy Shield has been lauded by many American regulators and lawmakers – including Federal Trade Commission (FTC) Chairwoman Edith Ramirez, House Energy and Commerce Committee Chairman Fred Upton (R-MI) and Subcommittee Chairs Michael Burgess (R-TX) and Greg Walden (R-OR), and Senate Commerce Committee Chairman John Thune (R-SD) – there are signs that it may encounter trouble in the near future. The Article 29 Working Party (WP29), a group comprised primarily of representatives from each of the 28 EU member states’ Data Protection Authorities (DPA), announced that it may reject not only the new agreement, but also transfers to the U.S. that are based on two other heretofore accepted EU data transfer mechanisms (Standard Contractual Clauses and Binding Corporate Rules). The DPAs did not participate in the negotiation of the EU-U.S. Privacy Shield, but only were consulted at the last minute, and the WP29 is concerned that any alternatives to the Safe Harbor will suffer from the same data protection problems initially identified by the European Court of Justice which led to its invalidation.

At the end of March or early April, the WP29 will hold a meeting to evaluate the EU-U.S. Privacy Shield and the other two data transfer mechanisms. The DPAs may then go back to the European Court of Justice to challenge these agreements – the same process that took down the original Safe Harbor. Since many privacy advocates have already raised concerns about the new deal, the likelihood for this topic to remain an issue for months to come is very high. ANA will continue to monitor these developments and push for regulations that allow online advertisers to continue to do business effectively and fairly on the European continent.

You must be logged in to submit a comment.