The new EU-US data-sharing agreement will be able to run for at least a year, European regulators have announced.
By Chris Baraniuk, Technology reporter
The Privacy Shield allows companies to transfer personal data from the EU to the United States.
EU governments approved the pact earlier this month, but 28 data protection authorities had yet to comment.
They have now said they will not challenge the deal for at least a year.
This means that no legal objection to the framework will be launched until it has had time to go through its first annual review next summer.
The Privacy Shield replaces an arrangement known as Safe Harbour, which was struck down in October 2015 after leaks showed data was subject to US surveillance.
The legality of existing data sharing agreements used in the interim could be affected by the review, said Isabelle Falque-Pierrotin, who chairs the French data protection authority,
“If the situation is considered as OK at the first annual review, on the public security side, it is going to have an impact also on the other transfer tools by reaffirming their legal robustness,” she told the Reuters news agency.
Regulators were still seeking proof that the US was committed to avoiding indiscriminate surveillance, she added.
Ms Falque-Pierrotin also said that any complaints about how the Privacy Shield was functioning would be dealt with on a “case-by-case” basis.
What is Privacy Shield?
In February 2016, the EU and US agreed a new pact to make it easy for organisations to transfer data across the Atlantic.
Key points of the agreement are:
- The US will create an ombudsman to handle complaints from EU citizens about Americans spying on their data
- The US Office of the Director of National Intelligence will give written commitments that Europeans’ personal data will not be subject to mass surveillance
- The EU and US will conduct an annual review to check the new system is working properly
Businesses would probably welcome the data watchdogs’ decision, said Paul Bernal, a law lecturer and privacy advocate at the University of East Anglia.
“Everyone wants to find a solution,” he told the BBC.
However, he said, in his view, the Privacy Shield was “almost certainly inadequate”.
Its effectiveness, therefore, would probably be a matter of continuing assessment, he said.
For example, Dr Bernal noted the regulators’ requirement that they be provided with sufficient evidence to show that the US was not spying indiscriminately on Europeans’ data.
“They could effectively come out against the Privacy Shield either because it’s inadequate – or because they’re not being given enough information,” he said.
The move was welcomed by industry body Digital Europe.
“We agree that the annual review will be a vital point to determine whether the safeguards are effective and make tweaks if necessary,” said director general John Higgins.
“We have full confidence that the Privacy Shield will be a success.”