The last minute deal was closed earlier this week, following drawn out negotiations between the European Commission and US State Department. Providing greater certainty to businesses and very few additional compliance hurdles compared with its predecessor Safe Harbour, the deal has been welcomed by many in the business community. However, privacy advocates and civil liberties groups say that Privacy Shield does not go far enough to protect the personal data of EU citizens stored on US servers.

Imminent legal challenge

City lawyers have warned businesses against getting too comfortable with Privacy Shield, arguing that details of the deal are scant and that a legal challenge from civil liberties advocates is imminent. 'Only the foolhardy would want to place their trust in a new Safe Harbour right now,' commented Fieldfisher data protection partner Phil Lee.

A lot to prove

Finer details of the Privacy Shield agreement remain ambiguous and its broad terms very closely mirror that of its predecessor, a combination that leaves the new deal vulnerable to further scrutiny in the same European courts that declared Safe Harbour to be insufficient and invalid. 'The European Commission still needs to make the case that the US system of privacy laws are essentially equivalent, that data subjects have real rights against disproportionate processing in the US and that if there is disproportionate or illegal processing, then citizens can have their personal data deleted and ultimately redress in an appropriate court,' commented Ashley Winton, UK head of data protection at Paul Hastings. Source: Legal Business