An advisory group to the European Union has said it can't endorse the "privacy shield" proposal agreed to by the EU and U.S. to succeed a data protection agreement invalidated last year, according to the Information Technology and Innovation Foundation.
The ITIF said it was disappointed that the group -- the Article 29 Working Party, made up of EU's data protection regulators -- could not support the negotiated framework.
"The new agreement offers a host of new protections, obligations and opportunities for redress that affirm the commitment of the U.S. government to safeguard European data and respect the rights of European citizens," the ITIF, a technology policy think tank, said. "Moreover, the agreement has achieved widespread support on both sides of the Atlantic from many policymakers, businesses and advocacy groups for offering an opportunity to move forward after the European Court of Justice invalidated the Safe Harbor agreement in the Schrems decision."
If the privacy shield proposal is approved, it would replace the Safe Harbor agreement that an EU court invalidated over concerns about the U.S. being able to hold up its end of the agreement given the government surveillance revealed by the Edward Snowden leaks. The framework requires companies to provide notice of what personal information is being collected and stored, the purposes it is used for and an "opt out" mechanism.
The ITIF said the fact that the advisory group thinks the agreement needs work isn't a reason not to approve it.
"While members of the Article 29 Working Party should continue to offer suggestions on how to strengthen this agreement — and there are opportunities for improvement — the opportunity for improvement should not preclude official approval of the agreement," the ITIF said.
The Trans Atlantic Consumer Dialogue, civil society groups that also had issues with the shield, said the signal from the advisory committee was clear and should be heeded.
"We hope that the European Commission will take the opinion of the Data Protection Authorities very seriously. It is clear that the Privacy Shield does not adequately protect EU consumers’ fundamental rights," said Jeff Chester, U.S> co-chair of TACD's Information Society Committee. "The Commission must reconsider its adoption. The EU cannot afford to set a precedent like this and allow fundamental rights and values to be high jacked by political and commercial interests.”