There are serious questions as to whether the new data protection agreement between the European Union and the United States will be approved by the European Commission in June or will have to be delayed based of a recent opinion by a panel of data protection authorities, leaving 4,500 U.S. companies in legal limbo regarding cross-border data transfers.
On April 13, the Article 29 Working Party (WP29), an independent advisory group set up by the European Parliament and the Council of 24 October 1995, acknowledged “significant improvements brought by the Privacy Shield compared to the Safe Harbor decision,” singling out the inclusion of key definitions and mechanisms set up to ensure the oversight of the Privacy Shield. But the WP29 also noted an “overall lack of clarity” in the pact, citing the difficulty of finding principles and guarantees expressed in the adequacy decision and its annexes, and voiced “strong concerns on both the commercial aspects and the access by public authorities to data transferred under the Privacy Shield.” And because the Privacy Shield must be consistent with the EU data protection legal framework, The WP29 said a review of the agreement’s text will be required once the new General Data Protection Regulation (GDPR) goes into effect in 2018, to ensure it adheres to the higher level of data protection required under GDPR.
