SlideShare ist ein Scribd-Unternehmen logo

EU–US Privacy Shield has Flaws

Thierry Debels
Thierry Debels

In its Decision of 12 July 2016 (“the adequacy decision”), the Commission found that the EU-U.S. Privacy Shield (“Privacy Shield”) ensures an adequate level of protection for personal data that has been transferred from the European Union to organisations in the U.S.

Regierungs- und gemeinnützige Organisationen
1 von 8
Downloaden Sie, um offline zu lesen
13524/17 VH/np DGD 2C EN Council of the European Union Brussels, 20 October 2017 (OR. en) 13524/17 DATAPROTECT 164 JAI 952 DAPIX 338 FREMP 117 DIGIT 219 RELEX 887 COVER NOTE From: Secretary-General of the European Commission, signed by Mr Jordi AYET PUIGARNAU, Director date of receipt: 19 October 2017 To: Mr Jeppe TRANHOLM-MIKKELSEN, Secretary-General of the Council of the European Union Subject: REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the first annual review of the functioning of the EU–U.S. Privacy Shield Delegations will find attached document COM(2017) 611 final. Encl.: COM(2017) 611 final
EN EN EUROPEAN COMMISSION Brussels, 18.10.2017 COM(2017) 611 final REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the first annual review of the functioning of the EU–U.S. Privacy Shield {SWD(2017) 344 final}
2 REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the first annual review of the functioning of the EU–U.S. Privacy Shield 1. THE FIRST ANNUAL REVIEW – PURPOSE, PREPARATION AND PROCESS In its Decision of 12 July 20161 (“the adequacy decision”), the Commission found that the EU-U.S. Privacy Shield (“Privacy Shield”) ensures an adequate level of protection for personal data that has been transferred from the European Union to organisations in the U.S. The Privacy Shield reflects the principles and requirements laid down by the European Court of Justice in its decision in the Schrems case2 , which invalidated the previous Safe Harbour framework. It provides for a number of novel elements, compared to Safe Harbour, which enhance the protection of personal data when it is transferred to the United States. This includes stricter obligations on Privacy Shield-certified companies, for example regarding limitations on how long a company may retain personal data (so-called “data retention” principle) or the conditions under which data can be shared with third parties outside the framework (so-called “accountability for onward transfers” principle). It also provides for more regular and rigorous monitoring by the Department of Commerce (DoC) and significantly strengthens the possibilities for EU individuals to obtain redress. In addition, the Privacy Shield builds on specific written representations and assurances made by the U.S. government that access by public authorities to personal data transferred under the Privacy Shield for national security, law enforcement and other public interest purposes is subject to clear limitations and safeguards. To this end, it also creates an entirely new redress mechanism, the Ombudsperson. The Commission committed to evaluate its adequacy finding on an annual basis, and, to this end, conducts an annual review of the functioning of the Privacy Shield. The first annual review of the functioning of the Privacy Shield is concluded with the present report. The review covered all aspects of the Privacy Shield, i.e. the implementation, administration, supervision and enforcement of the Privacy Shield framework by the competent U.S. authorities and bodies as well as questions relating to the access by U.S. public authorities to personal data transferred under the Privacy Shield for public interest purposes, in particular national security. It also included a dialogue on the specific topic of automated decision- making and an assessment of developments in the U.S. legal system over the past year which could have an impact on the functioning of the Privacy Shield. 1 Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield, OJ L 207, 1.8.2016, p.1. 2 Judgment of the Court of Justice of the European Union of 6 October 2015, Case C-362/14, Maximilian Schrems v Data Protection Commissioner ("Schrems").
3 The Privacy Shield framework has been operational since 1 August 2016. Taking into account that this has been the first year of its operation, the Commission’s annual review has focused on verifying that all the mechanisms and procedures provided for in the framework – many of which were newly created – have been fully implemented and are functioning in the way that is foreseen in the adequacy decision. Moreover, the Commission has put particular emphasis on checking whether and how the various U.S. authorities involved in the implementation of the framework have lived up to their representations and commitments, both as regards the administration and supervision of the commercial aspects of the Privacy Shield, and with respect to government access to personal data. The change of the U.S. administration in January 2017 made this particularly relevant. In preparation of the annual review, the Commission gathered information and feedback on the implementation and functioning of the Privacy Shield framework from relevant stakeholders, more specifically from Privacy Shield-certified companies through their respective trade associations, and from non-governmental organisations (NGOs) active in the field of fundamental rights and in particular digital rights and privacy. It also sought and obtained written information from the U.S. authorities involved in the implementation of the framework, including relevant documents and material. The first Annual Joint Review took place on 18 and 19 September 2017 in Washington, DC. It was opened by Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, and U.S. Secretary of Commerce Wilbur Ross. The annual review was conducted for the EU by representatives of the European Commission’s Directorate General for Justice and Consumers. The EU delegation also included eight representatives designated by the Article 29 Working Party, the advisory body bringing together the national data protection authorities of the Member States (DPAs) as well as the European Data Protection Supervisor. On the U.S. side, representatives of the DoC, the Federal Trade Commission (FTC), the Department of Transportation, the Department of State, the Office of the Director of National Intelligence and the Department of Justice participated in the review, as well as the acting Ombudsperson, a Member of the Privacy and Civil Liberties Oversight Board (PCLOB) and the Office of the Inspector General of the Intelligence Community. Moreover, representatives of organisations that offer independent dispute resolution under the Privacy Shield, the American Arbitration Association as administrator of the Privacy Shield Arbitration Panel and some Privacy Shield-certified companies provided input during the annual review. The annual review has further been informed by publicly available material, such as court decisions, implementing rules and procedures of relevant U.S. authorities, reports and studies from NGOs, transparency reports issued by Privacy Shield-certified companies, press articles and other media reports.
4 2. FINDINGS, CONCLUSIONS AND RECOMMENDATIONS The annual review has demonstrated that the U.S. authorities have put in place the necessary structures and procedures to ensure the correct functioning of the Privacy Shield. The certification process has been handled in an overall satisfactory manner and more than 2400 companies have been certified so far. The U.S. authorities have put in place the complaint- handling and enforcement mechanisms and procedures to safeguard individual rights. This includes also the new additional redress avenues for EU individuals such as the arbitration panel and the Ombudsperson mechanism. Regarding the latter, an Acting Ombudsperson was designated following the change of Administration in January 2017, whereas the nomination of a permanent Ombudsperson is pending. Cooperation with European data protection authorities has been stepped up. As regards access to personal data by public authorities for national security purposes, relevant safeguards on the U.S. side remain in place, notably those based on Presidential Policy Directive 28 issued in 2014 which sets out limitations and safeguards on use by national security authorities of personal data, regardless of nationality of the individual. In this context, it should also be noted that section 702 of the U.S. Foreign Intelligence Surveillance Act (FISA) is set to expire on 31 December 2017 and that reform proposals are under discussion in the U.S. Congress. The detailed factual findings concerning the functioning of all aspects of the Privacy Shield framework after its first year of operation are presented in the Commission Staff Working Document on the annual review of the functioning of the EU–U.S. Privacy Shield (SWD(2017) 344 final) which accompanies the present report. On the basis of these findings, the Commission concludes that the United States continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the Union to organisations in the United States. At the same time, the Commission considers that the practical implementation of the Privacy Shield framework can be further improved in order to ensure that the guarantees and safeguards provided therein continue to function as intended. To this end, the Commission makes the following recommendations: 2.1. Companies should not be able to publicly refer to their Privacy Shield certification before the certification is finalised by the DoC During the annual review it became apparent that companies which have applied for certification under the Privacy Shield, but whose certification has not yet been finalised by the DoC, can already publicly refer to their Privacy Shield certification. Consequently, there may be a discrepancy between information that is publicly available, and the DoC’s Privacy Shield list, which does not include a company before the certification is finalised. Such type of discrepancy creates uncertainty for EU individuals and companies in the EU that want to transfer data to the U.S., increases the risk of false claims of participation and undermines the credibility of the whole framework
5 Therefore, the Commission recommends that companies should not be allowed to make public representations about their Privacy Shield certification before the DoC has finalised the certification and included the company on the Privacy Shield list. The information provided by the DoC to companies on the certification process, including on the Privacy Shield website, should be amended to clarify that companies cannot publicly refer to their adherence to the framework before being included on the Privacy Shield list. 2.2. Proactive and regular search for false claims by the DoC The Commission recommends that the DoC conducts, proactively and on a regular basis, searches for false claims of participation in the Privacy Shield, not only in the context of the certification process, i.e. with respect to companies that have initiated but not completed the certification and nevertheless already claim participation in the framework, but also more generally with respect to companies that have never applied for certification but make representations suggesting to the public that they comply with the framework’s requirements. To this end, the DoC should take additional measures, including internet searches. As learned from the experience of the Privacy Shield’s predecessor, the Safe Harbour program, misleading practices are not uncommon and can weaken the credibility and solidity of the system as a whole. 2.3. Ongoing monitoring of compliance with the Privacy Shield Principles by the DoC The Commission recommends that the DoC conducts compliance checks on a regular basis. Compliance checks could for example take the form of compliance review questionnaires sent to a representative sample of certified companies on a specific “thematic” issue (e.g. onward transfers, data retention), or the DoC could systematically request to be provided with the annual compliance reports (which can be either a self-assessment or on outside compliance review) of certified companies seeking to be re-certified. The DoC could then make use of the annual compliance reports in order to identify possible compliance issues that may warrant further follow-up action before a company can be re-certified, or more systemic deficiencies in the functioning of the framework that need to be addressed. 2.4. Strengthening of awareness raising The Commission encourages both the DoC and the DPAs to continue and further strengthen the awareness-raising efforts that they have already undertaken in the past year. In order to ensure more effective protections for EU individuals, the DPAs, in cooperation with the Commission, could strengthen their efforts to inform EU individuals about how to exercise their rights under the Privacy Shield, notably on how to lodge complaints. 2.5. Improve cooperation between enforcers The Commission recommends that the DoC and the DPAs should cooperate, if appropriate also with the FTC, to develop guidance on the interpretation of certain concepts in the Privacy
6 Shield that need further clarification. This would be in the interest of improved cooperation between the authorities that implement and enforce the framework on both sides of the Atlantic, of the development of convergence in the interpretation of the Privacy Shield’s rules and of greater legal certainty for businesses. The principle of accountability for onward transfers and the definition of human resources data have emerged from the first annual review as examples of concepts that could benefit from additional clarification. 2.6. Study on automated decision-making In order to draw more precise conclusions on the question of automated decision-making, including in view of the next annual review, the Commission will commission a study to collect factual evidence and further assess the relevance of automated decision-making for transfers carried out on the basis of the Privacy Shield 2.7. Enshrine the protections of PPD-28 in the Foreign Intelligence Surveillance Act The upcoming debate on the re-authorisation of Section 702 of the Foreign Intelligence Surveillance Act (FISA) provides the U.S. Administration and Congress with a unique opportunity for strengthening the privacy protections contained in FISA. In this context, the Commission hopes that the Congress will consider favourably enshrining the protections offered by Presidential Policy Directive (PPD)-28 with respect to non-US persons in FISA, with a view to ensuring the stability and continuity of these protections. Any further reforms, both in terms of substantive limitations and in terms of procedural safeguards, should be implemented in the spirit of PPD-28 and thus provide protection irrespective of nationality or country of residence. 2.8. Swift appointment of the Privacy Shield Ombudsperson The Commission calls on the U.S. administration to confirm its political commitment to the Ombudsperson mechanism, as an important element of the Privacy Shield framework as a whole, by filling the position of the Ombudsperson with a permanent appointee as soon as possible. 2.9. Swift appointment of the members of the PCLOB and release of the PCLOB report on PPD-28 As an independent agency within the executive branch, the PCLOB has an important function with respect to the protection of privacy and civil liberties in the field of counterterrorism policies and their implementation. The Commission recommends the swift appointment of the missing members of the PCLOB by the U.S. administration, so that the PCLOB is able to fulfil all aspects of this function. Moreover, given the relevance of PPD-28 for the limitations and safeguards applying to government access for signals intelligence, and thus for the Commission's periodic review of
7 its adequacy assessment, the Commission calls on the U.S. administration to publicly release the PCLOB’s report on the implementation of PPD-28. 2.10. More timely and comprehensive reporting of relevant developments by U.S. authorities The Commission recommends that the U.S. authorities proactively fulfil their commitment to provide the Commission with timely and comprehensive information about any developments that could be of relevance for the Privacy Shield, including on developments that are liable to raise questions about the protections afforded under the framework.

Empfohlen

The EU ePrivacy Regulation text as it was published after the vote in the LIB...
The EU ePrivacy Regulation text as it was published after the vote in the LIB...The EU ePrivacy Regulation text as it was published after the vote in the LIB...
The EU ePrivacy Regulation text as it was published after the vote in the LIB...i-SCOOP
 
Заява саміт Україна-ЄС
Заява саміт Україна-ЄСЗаява саміт Україна-ЄС
Заява саміт Україна-ЄСNastya Korinovska
 
Factsheet data protection_en
Factsheet data protection_enFactsheet data protection_en
Factsheet data protection_enGreg Sterling
 
Council conclusions-on-hong-kong
Council conclusions-on-hong-kongCouncil conclusions-on-hong-kong
Council conclusions-on-hong-kongPravotv
 
The Right to Be Forgotten in European Search Results
The Right to Be Forgotten in European Search ResultsThe Right to Be Forgotten in European Search Results
The Right to Be Forgotten in European Search ResultsGreg Sterling
 
Slovak Republic: Grant Thornton Tax Newsletter - September 2016
Slovak Republic: Grant Thornton Tax Newsletter - September 2016Slovak Republic: Grant Thornton Tax Newsletter - September 2016
Slovak Republic: Grant Thornton Tax Newsletter - September 2016Alex Baulf
 
AleksandraKowalik (11)
AleksandraKowalik (11)AleksandraKowalik (11)
AleksandraKowalik (11)Aleksandra Kowalik
 
Factsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenFactsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenEdouard Nguyen
 

Empfohlen

The EU ePrivacy Regulation text as it was published after the vote in the LIB...
The EU ePrivacy Regulation text as it was published after the vote in the LIB...The EU ePrivacy Regulation text as it was published after the vote in the LIB...
The EU ePrivacy Regulation text as it was published after the vote in the LIB...i-SCOOP
 
Заява саміт Україна-ЄС
Заява саміт Україна-ЄСЗаява саміт Україна-ЄС
Заява саміт Україна-ЄСNastya Korinovska
 
Factsheet data protection_en
Factsheet data protection_enFactsheet data protection_en
Factsheet data protection_enGreg Sterling
 
Council conclusions-on-hong-kong
Council conclusions-on-hong-kongCouncil conclusions-on-hong-kong
Council conclusions-on-hong-kongPravotv
 
The Right to Be Forgotten in European Search Results
The Right to Be Forgotten in European Search ResultsThe Right to Be Forgotten in European Search Results
The Right to Be Forgotten in European Search ResultsGreg Sterling
 
Slovak Republic: Grant Thornton Tax Newsletter - September 2016
Slovak Republic: Grant Thornton Tax Newsletter - September 2016Slovak Republic: Grant Thornton Tax Newsletter - September 2016
Slovak Republic: Grant Thornton Tax Newsletter - September 2016Alex Baulf
 
AleksandraKowalik (11)
AleksandraKowalik (11)AleksandraKowalik (11)
AleksandraKowalik (11)Aleksandra Kowalik
 
Factsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenFactsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenEdouard Nguyen
 
LAW ENFORCEMENT AND ITS ROLE IN THE FIGHT AGAINST DRUG TRAFFICKING
LAW ENFORCEMENT AND ITS ROLE IN THE FIGHT AGAINST DRUG TRAFFICKINGLAW ENFORCEMENT AND ITS ROLE IN THE FIGHT AGAINST DRUG TRAFFICKING
LAW ENFORCEMENT AND ITS ROLE IN THE FIGHT AGAINST DRUG TRAFFICKINGThierry Debels
 
Звіт Єврокомісії щодо механізму призупинення візового режиму з Україною
Звіт Єврокомісії щодо механізму призупинення візового режиму з УкраїноюЗвіт Єврокомісії щодо механізму призупинення візового режиму з Україною
Звіт Єврокомісії щодо механізму призупинення візового режиму з Україноюtsnua
 
Reforms for Mobility: EU-Ukraine Visa Liberalization (2000-2017)
Reforms for Mobility: EU-Ukraine Visa Liberalization (2000-2017)Reforms for Mobility: EU-Ukraine Visa Liberalization (2000-2017)
Reforms for Mobility: EU-Ukraine Visa Liberalization (2000-2017)Europe without barriers
 
Policy brief “Almost There: The Carrots of Visa Liberalization as An Impetus ...
Policy brief “Almost There: The Carrots of Visa Liberalization as An Impetus ...Policy brief “Almost There: The Carrots of Visa Liberalization as An Impetus ...
Policy brief “Almost There: The Carrots of Visa Liberalization as An Impetus ...Europe without barriers
 
Politics this week
Politics this weekPolitics this week
Politics this weekimageconsulting07
 
TTIP negotiation documents (COMPETITION PART)
TTIP negotiation documents (COMPETITION PART)TTIP negotiation documents (COMPETITION PART)
TTIP negotiation documents (COMPETITION PART)CONSULTANTITRUST Arnaud FOURNIER
 
TTIP negotiation disagreements documents (COMPETITION PART)
TTIP negotiation disagreements documents (COMPETITION PART)TTIP negotiation disagreements documents (COMPETITION PART)
TTIP negotiation disagreements documents (COMPETITION PART)CONSULTANTITRUST Arnaud FOURNIER
 
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...Localogy
 
04. eu tr guidance document
04. eu tr guidance document04. eu tr guidance document
04. eu tr guidance documentMinh Vu
 
04 eutr final guidance document
04 eutr final guidance document04 eutr final guidance document
04 eutr final guidance documentMinh Vu
 
Cross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy ShieldCross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy ShieldParsons Behle & Latimer
 
Data Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborData Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborGayle Gorvett
 
Report of the advisory committee to google on the right to be forgotten
Report of the advisory committee to google on the right to be forgottenReport of the advisory committee to google on the right to be forgotten
Report of the advisory committee to google on the right to be forgottenGreg Sterling
 
Reform of the Dublin III Regulation
Reform of the Dublin III RegulationReform of the Dublin III Regulation
Reform of the Dublin III RegulationThierry Debels
 
Sixth Progress Report on the Implementation by Ukraine of the Action Plan on ...
Sixth Progress Report on the Implementation by Ukraine of the Action Plan on ...Sixth Progress Report on the Implementation by Ukraine of the Action Plan on ...
Sixth Progress Report on the Implementation by Ukraine of the Action Plan on ...Andrew Vodianyi
 
EU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTeEU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTeTrustArc
 
PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB
 
Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India SadanandGahivare
 
FINAL REPORT
FINAL REPORTFINAL REPORT
FINAL REPORTMartina Lindblad
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyKate Chan
 
Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Agustin Argelich Casals
 
EU Data Protection, Legislation and Certification
EU Data Protection, Legislation and Certification EU Data Protection, Legislation and Certification
EU Data Protection, Legislation and Certification CRISP Project
 

Weitere ähnliche Inhalte

Was ist angesagt?

LAW ENFORCEMENT AND ITS ROLE IN THE FIGHT AGAINST DRUG TRAFFICKING
LAW ENFORCEMENT AND ITS ROLE IN THE FIGHT AGAINST DRUG TRAFFICKINGLAW ENFORCEMENT AND ITS ROLE IN THE FIGHT AGAINST DRUG TRAFFICKING
LAW ENFORCEMENT AND ITS ROLE IN THE FIGHT AGAINST DRUG TRAFFICKINGThierry Debels
 
Звіт Єврокомісії щодо механізму призупинення візового режиму з Україною
Звіт Єврокомісії щодо механізму призупинення візового режиму з УкраїноюЗвіт Єврокомісії щодо механізму призупинення візового режиму з Україною
Звіт Єврокомісії щодо механізму призупинення візового режиму з Україноюtsnua
 
Reforms for Mobility: EU-Ukraine Visa Liberalization (2000-2017)
Reforms for Mobility: EU-Ukraine Visa Liberalization (2000-2017)Reforms for Mobility: EU-Ukraine Visa Liberalization (2000-2017)
Reforms for Mobility: EU-Ukraine Visa Liberalization (2000-2017)Europe without barriers
 
Policy brief “Almost There: The Carrots of Visa Liberalization as An Impetus ...
Policy brief “Almost There: The Carrots of Visa Liberalization as An Impetus ...Policy brief “Almost There: The Carrots of Visa Liberalization as An Impetus ...
Policy brief “Almost There: The Carrots of Visa Liberalization as An Impetus ...Europe without barriers
 
TTIP negotiation disagreements documents (COMPETITION PART)
TTIP negotiation disagreements documents (COMPETITION PART)TTIP negotiation disagreements documents (COMPETITION PART)
TTIP negotiation disagreements documents (COMPETITION PART)CONSULTANTITRUST Arnaud FOURNIER
 
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...Localogy
 
04. eu tr guidance document
04. eu tr guidance document04. eu tr guidance document
04. eu tr guidance documentMinh Vu
 
04 eutr final guidance document
04 eutr final guidance document04 eutr final guidance document
04 eutr final guidance documentMinh Vu
 
Cross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy ShieldCross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy ShieldParsons Behle & Latimer
 
Data Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborData Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborGayle Gorvett
 
Report of the advisory committee to google on the right to be forgotten
Report of the advisory committee to google on the right to be forgottenReport of the advisory committee to google on the right to be forgotten
Report of the advisory committee to google on the right to be forgottenGreg Sterling
 
Reform of the Dublin III Regulation
Reform of the Dublin III RegulationReform of the Dublin III Regulation
Reform of the Dublin III RegulationThierry Debels
 
Sixth Progress Report on the Implementation by Ukraine of the Action Plan on ...
Sixth Progress Report on the Implementation by Ukraine of the Action Plan on ...Sixth Progress Report on the Implementation by Ukraine of the Action Plan on ...
Sixth Progress Report on the Implementation by Ukraine of the Action Plan on ...Andrew Vodianyi
 

Was ist angesagt? (15)

LAW ENFORCEMENT AND ITS ROLE IN THE FIGHT AGAINST DRUG TRAFFICKING
LAW ENFORCEMENT AND ITS ROLE IN THE FIGHT AGAINST DRUG TRAFFICKINGLAW ENFORCEMENT AND ITS ROLE IN THE FIGHT AGAINST DRUG TRAFFICKING
LAW ENFORCEMENT AND ITS ROLE IN THE FIGHT AGAINST DRUG TRAFFICKING
 
Звіт Єврокомісії щодо механізму призупинення візового режиму з Україною
Звіт Єврокомісії щодо механізму призупинення візового режиму з УкраїноюЗвіт Єврокомісії щодо механізму призупинення візового режиму з Україною
Звіт Єврокомісії щодо механізму призупинення візового режиму з Україною
 
Reforms for Mobility: EU-Ukraine Visa Liberalization (2000-2017)
Reforms for Mobility: EU-Ukraine Visa Liberalization (2000-2017)Reforms for Mobility: EU-Ukraine Visa Liberalization (2000-2017)
Reforms for Mobility: EU-Ukraine Visa Liberalization (2000-2017)
 
Policy brief “Almost There: The Carrots of Visa Liberalization as An Impetus ...
Policy brief “Almost There: The Carrots of Visa Liberalization as An Impetus ...Policy brief “Almost There: The Carrots of Visa Liberalization as An Impetus ...
Policy brief “Almost There: The Carrots of Visa Liberalization as An Impetus ...
 
Politics this week
Politics this weekPolitics this week
Politics this week
 
TTIP negotiation documents (COMPETITION PART)
TTIP negotiation documents (COMPETITION PART)TTIP negotiation documents (COMPETITION PART)
TTIP negotiation documents (COMPETITION PART)
 
TTIP negotiation disagreements documents (COMPETITION PART)
TTIP negotiation disagreements documents (COMPETITION PART)TTIP negotiation disagreements documents (COMPETITION PART)
TTIP negotiation disagreements documents (COMPETITION PART)
 
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W...
 
04. eu tr guidance document
04. eu tr guidance document04. eu tr guidance document
04. eu tr guidance document
 
04 eutr final guidance document
04 eutr final guidance document04 eutr final guidance document
04 eutr final guidance document
 
Cross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy ShieldCross Border Data Transfers and the Privacy Shield
Cross Border Data Transfers and the Privacy Shield
 
Data Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborData Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe Harbor
 
Report of the advisory committee to google on the right to be forgotten
Report of the advisory committee to google on the right to be forgottenReport of the advisory committee to google on the right to be forgotten
Report of the advisory committee to google on the right to be forgotten
 
Reform of the Dublin III Regulation
Reform of the Dublin III RegulationReform of the Dublin III Regulation
Reform of the Dublin III Regulation
 
Sixth Progress Report on the Implementation by Ukraine of the Action Plan on ...
Sixth Progress Report on the Implementation by Ukraine of the Action Plan on ...Sixth Progress Report on the Implementation by Ukraine of the Action Plan on ...
Sixth Progress Report on the Implementation by Ukraine of the Action Plan on ...
 

Ähnlich wie EU–US Privacy Shield has Flaws

EU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTeEU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTeTrustArc
 
PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB
 
Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India SadanandGahivare
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyKate Chan
 
Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Agustin Argelich Casals
 
EU Data Protection, Legislation and Certification
EU Data Protection, Legislation and Certification EU Data Protection, Legislation and Certification
EU Data Protection, Legislation and Certification CRISP Project
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataSchellman & Company
 
Privacy shield what you need to know about storing eu data slideshare
Privacy shield what you need to know about storing eu data slidesharePrivacy shield what you need to know about storing eu data slideshare
Privacy shield what you need to know about storing eu data slideshareFreddy Ntwari
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...John Nas
 
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security PrinciplesLisa Catanzaro
 
Uk data retention review ver 3.0
Uk data retention review ver 3.0Uk data retention review ver 3.0
Uk data retention review ver 3.0Amr El-Deeb
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...Ulf Mattsson
 
Privacy Laws in Europe
Privacy Laws in EuropePrivacy Laws in Europe
Privacy Laws in EuropeMartyn Ripley
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsThe Economist Media Businesses
 

Ähnlich wie EU–US Privacy Shield has Flaws (20)

EU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTeEU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTe
 
PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?PECB Webinar: The End of Safe Harbour! What happens Next?
PECB Webinar: The End of Safe Harbour! What happens Next?
 
Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India
 
FINAL REPORT
FINAL REPORTFINAL REPORT
FINAL REPORT
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data Privacy
 
Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16
 
EU Data Protection, Legislation and Certification
EU Data Protection, Legislation and Certification EU Data Protection, Legislation and Certification
EU Data Protection, Legislation and Certification
 
Privacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU DataPrivacy shield: What You Need To Know About Storing EU Data
Privacy shield: What You Need To Know About Storing EU Data
 
Privacy shield what you need to know about storing eu data slideshare
Privacy shield what you need to know about storing eu data slidesharePrivacy shield what you need to know about storing eu data slideshare
Privacy shield what you need to know about storing eu data slideshare
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
 
Didier Reynders letter to the EU Parliament
Didier Reynders letter to the EU ParliamentDidier Reynders letter to the EU Parliament
Didier Reynders letter to the EU Parliament
 
EU-US Data Privacy Framework
EU-US Data Privacy FrameworkEU-US Data Privacy Framework
EU-US Data Privacy Framework
 
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security Principles
 
2017 10 26 webinar - gdpr final
2017 10 26 webinar - gdpr final2017 10 26 webinar - gdpr final
2017 10 26 webinar - gdpr final
 
Uk data retention review ver 3.0
Uk data retention review ver 3.0Uk data retention review ver 3.0
Uk data retention review ver 3.0
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...
 
Privacy Laws in Europe
Privacy Laws in EuropePrivacy Laws in Europe
Privacy Laws in Europe
 
Evertio Schrems II
Evertio Schrems IIEvertio Schrems II
Evertio Schrems II
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next steps
 
PL&B _UK_80
PL&B _UK_80PL&B _UK_80
PL&B _UK_80
 

Mehr von Thierry Debels

Oprichtingsakte firma Lincelles prins Andrew
Oprichtingsakte firma Lincelles prins AndrewOprichtingsakte firma Lincelles prins Andrew
Oprichtingsakte firma Lincelles prins AndrewThierry Debels
 
Pro Justitia 8/12/89 Jean Deprêtre over videocassette in zaak -Mendez
Pro Justitia 8/12/89 Jean Deprêtre over videocassette in zaak -MendezPro Justitia 8/12/89 Jean Deprêtre over videocassette in zaak -Mendez
Pro Justitia 8/12/89 Jean Deprêtre over videocassette in zaak -MendezThierry Debels
 
Notities Willy Acke over de Bende van Nijvel
Notities Willy Acke over de Bende van NijvelNotities Willy Acke over de Bende van Nijvel
Notities Willy Acke over de Bende van NijvelThierry Debels
 
Rapport Bende van Nijvel onderzoeksrechter Guy Wezel
Rapport Bende van Nijvel onderzoeksrechter Guy WezelRapport Bende van Nijvel onderzoeksrechter Guy Wezel
Rapport Bende van Nijvel onderzoeksrechter Guy WezelThierry Debels
 
AVROX - Modification non statutaire de mandataires
AVROX - Modification non statutaire de mandatairesAVROX - Modification non statutaire de mandataires
AVROX - Modification non statutaire de mandatairesThierry Debels
 
AstraZeneca - Transparency register EU
AstraZeneca - Transparency register EUAstraZeneca - Transparency register EU
AstraZeneca - Transparency register EUThierry Debels
 
Kamerbrief erkenning Stay Behind
Kamerbrief erkenning Stay BehindKamerbrief erkenning Stay Behind
Kamerbrief erkenning Stay BehindThierry Debels
 
Financiering moskeeën in Vlaanderen
Financiering moskeeën in VlaanderenFinanciering moskeeën in Vlaanderen
Financiering moskeeën in VlaanderenThierry Debels
 
Verslag vzw Platform van Vlaamse Imams en Moslimdeskundigen
Verslag vzw Platform van Vlaamse Imams en MoslimdeskundigenVerslag vzw Platform van Vlaamse Imams en Moslimdeskundigen
Verslag vzw Platform van Vlaamse Imams en MoslimdeskundigenThierry Debels
 
EudraVigilance - Moderna covid MRNA vaccine up to 13/2/21
EudraVigilance - Moderna covid MRNA vaccine up to 13/2/21EudraVigilance - Moderna covid MRNA vaccine up to 13/2/21
EudraVigilance - Moderna covid MRNA vaccine up to 13/2/21Thierry Debels
 
Mogelijke bijwerkingen Pfizer-vaccin Europa tot 13/2/21
Mogelijke bijwerkingen Pfizer-vaccin Europa tot 13/2/21Mogelijke bijwerkingen Pfizer-vaccin Europa tot 13/2/21
Mogelijke bijwerkingen Pfizer-vaccin Europa tot 13/2/21Thierry Debels
 
Afsprakennota LGU Academy vzw 2018
Afsprakennota LGU Academy vzw 2018Afsprakennota LGU Academy vzw 2018
Afsprakennota LGU Academy vzw 2018Thierry Debels
 
The number of individual cases identified in EudraVigilance for TOZINAMERAN i...
The number of individual cases identified in EudraVigilance for TOZINAMERAN i...The number of individual cases identified in EudraVigilance for TOZINAMERAN i...
The number of individual cases identified in EudraVigilance for TOZINAMERAN i...Thierry Debels
 
List of meetings Bill & Melinda Gates Foundation has held with Commissioners,...
List of meetings Bill & Melinda Gates Foundation has held with Commissioners,...List of meetings Bill & Melinda Gates Foundation has held with Commissioners,...
List of meetings Bill & Melinda Gates Foundation has held with Commissioners,...Thierry Debels
 
EudraVigilance - Comirnaty - Individual cases
EudraVigilance - Comirnaty - Individual casesEudraVigilance - Comirnaty - Individual cases
EudraVigilance - Comirnaty - Individual casesThierry Debels
 
Démission administrateur Avrox
Démission administrateur AvroxDémission administrateur Avrox
Démission administrateur AvroxThierry Debels
 
Registratie BioNTech in lobbyregister EU
Registratie BioNTech in lobbyregister EURegistratie BioNTech in lobbyregister EU
Registratie BioNTech in lobbyregister EUThierry Debels
 
POLITIËLE CRIMINALITEITSSTATISTIEKEN - STAD BRUSSEL
POLITIËLE CRIMINALITEITSSTATISTIEKEN - STAD BRUSSELPOLITIËLE CRIMINALITEITSSTATISTIEKEN - STAD BRUSSEL
POLITIËLE CRIMINALITEITSSTATISTIEKEN - STAD BRUSSELThierry Debels
 
Projectoproep delen Antwerpse stadsvloot
Projectoproep delen Antwerpse stadsvlootProjectoproep delen Antwerpse stadsvloot
Projectoproep delen Antwerpse stadsvlootThierry Debels
 

Mehr von Thierry Debels (20)

Oprichtingsakte firma Lincelles prins Andrew
Oprichtingsakte firma Lincelles prins AndrewOprichtingsakte firma Lincelles prins Andrew
Oprichtingsakte firma Lincelles prins Andrew
 
Pro Justitia 8/12/89 Jean Deprêtre over videocassette in zaak -Mendez
Pro Justitia 8/12/89 Jean Deprêtre over videocassette in zaak -MendezPro Justitia 8/12/89 Jean Deprêtre over videocassette in zaak -Mendez
Pro Justitia 8/12/89 Jean Deprêtre over videocassette in zaak -Mendez
 
Notities Willy Acke over de Bende van Nijvel
Notities Willy Acke over de Bende van NijvelNotities Willy Acke over de Bende van Nijvel
Notities Willy Acke over de Bende van Nijvel
 
Rapport Bende van Nijvel onderzoeksrechter Guy Wezel
Rapport Bende van Nijvel onderzoeksrechter Guy WezelRapport Bende van Nijvel onderzoeksrechter Guy Wezel
Rapport Bende van Nijvel onderzoeksrechter Guy Wezel
 
AVROX - Modification non statutaire de mandataires
AVROX - Modification non statutaire de mandatairesAVROX - Modification non statutaire de mandataires
AVROX - Modification non statutaire de mandataires
 
AstraZeneca - Transparency register EU
AstraZeneca - Transparency register EUAstraZeneca - Transparency register EU
AstraZeneca - Transparency register EU
 
Kamerbrief erkenning Stay Behind
Kamerbrief erkenning Stay BehindKamerbrief erkenning Stay Behind
Kamerbrief erkenning Stay Behind
 
Financiering moskeeën in Vlaanderen
Financiering moskeeën in VlaanderenFinanciering moskeeën in Vlaanderen
Financiering moskeeën in Vlaanderen
 
Verslag vzw Platform van Vlaamse Imams en Moslimdeskundigen
Verslag vzw Platform van Vlaamse Imams en MoslimdeskundigenVerslag vzw Platform van Vlaamse Imams en Moslimdeskundigen
Verslag vzw Platform van Vlaamse Imams en Moslimdeskundigen
 
EudraVigilance - Moderna covid MRNA vaccine up to 13/2/21
EudraVigilance - Moderna covid MRNA vaccine up to 13/2/21EudraVigilance - Moderna covid MRNA vaccine up to 13/2/21
EudraVigilance - Moderna covid MRNA vaccine up to 13/2/21
 
Mogelijke bijwerkingen Pfizer-vaccin Europa tot 13/2/21
Mogelijke bijwerkingen Pfizer-vaccin Europa tot 13/2/21Mogelijke bijwerkingen Pfizer-vaccin Europa tot 13/2/21
Mogelijke bijwerkingen Pfizer-vaccin Europa tot 13/2/21
 
Afsprakennota LGU Academy vzw 2018
Afsprakennota LGU Academy vzw 2018Afsprakennota LGU Academy vzw 2018
Afsprakennota LGU Academy vzw 2018
 
The number of individual cases identified in EudraVigilance for TOZINAMERAN i...
The number of individual cases identified in EudraVigilance for TOZINAMERAN i...The number of individual cases identified in EudraVigilance for TOZINAMERAN i...
The number of individual cases identified in EudraVigilance for TOZINAMERAN i...
 
List of meetings Bill & Melinda Gates Foundation has held with Commissioners,...
List of meetings Bill & Melinda Gates Foundation has held with Commissioners,...List of meetings Bill & Melinda Gates Foundation has held with Commissioners,...
List of meetings Bill & Melinda Gates Foundation has held with Commissioners,...
 
EudraVigilance - Comirnaty - Individual cases
EudraVigilance - Comirnaty - Individual casesEudraVigilance - Comirnaty - Individual cases
EudraVigilance - Comirnaty - Individual cases
 
Démission administrateur Avrox
Démission administrateur AvroxDémission administrateur Avrox
Démission administrateur Avrox
 
So Sense SA
So Sense SASo Sense SA
So Sense SA
 
Registratie BioNTech in lobbyregister EU
Registratie BioNTech in lobbyregister EURegistratie BioNTech in lobbyregister EU
Registratie BioNTech in lobbyregister EU
 
POLITIËLE CRIMINALITEITSSTATISTIEKEN - STAD BRUSSEL
POLITIËLE CRIMINALITEITSSTATISTIEKEN - STAD BRUSSELPOLITIËLE CRIMINALITEITSSTATISTIEKEN - STAD BRUSSEL
POLITIËLE CRIMINALITEITSSTATISTIEKEN - STAD BRUSSEL
 
Projectoproep delen Antwerpse stadsvloot
Projectoproep delen Antwerpse stadsvlootProjectoproep delen Antwerpse stadsvloot
Projectoproep delen Antwerpse stadsvloot
 

Kürzlich hochgeladen

Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...aartirawatdelhi
 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
Global debate on climate change and occupational safety and health.
Global debate on climate change and occupational safety and health.Global debate on climate change and occupational safety and health.
Global debate on climate change and occupational safety and health.Christina Parmionova
 
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...Dipal Arora
 
Building the Commons: Community Archiving & Decentralized Storage
Building the Commons: Community Archiving & Decentralized StorageBuilding the Commons: Community Archiving & Decentralized Storage
Building the Commons: Community Archiving & Decentralized StorageTechSoup
 
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...Hemant Purohit
 
Climate change and safety and health at work
Climate change and safety and health at workClimate change and safety and health at work
Climate change and safety and health at workChristina Parmionova
 
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile ServiceCunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile ServiceHigh Profile Call Girls
 
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...tanu pandey
 
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...ranjana rawat
 
The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...nservice241
 
2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos WebinarLinda Reinstein
 
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...tanu pandey
 
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...anilsa9823
 
VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...
VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...
VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...Suhani Kapoor
 

Kürzlich hochgeladen (20)

Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
Night 7k to 12k Call Girls Service In Navi Mumbai 👉 BOOK NOW 9833363713 👈 ♀️...
 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
 
How to Save a Place: 12 Tips To Research & Know the Threat
How to Save a Place: 12 Tips To Research & Know the ThreatHow to Save a Place: 12 Tips To Research & Know the Threat
How to Save a Place: 12 Tips To Research & Know the Threat
 
Global debate on climate change and occupational safety and health.
Global debate on climate change and occupational safety and health.Global debate on climate change and occupational safety and health.
Global debate on climate change and occupational safety and health.
 
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
 
Delhi Russian Call Girls In Connaught Place ➡️9999965857 India's Finest Model...
Delhi Russian Call Girls In Connaught Place ➡️9999965857 India's Finest Model...Delhi Russian Call Girls In Connaught Place ➡️9999965857 India's Finest Model...
Delhi Russian Call Girls In Connaught Place ➡️9999965857 India's Finest Model...
 
Building the Commons: Community Archiving & Decentralized Storage
Building the Commons: Community Archiving & Decentralized StorageBuilding the Commons: Community Archiving & Decentralized Storage
Building the Commons: Community Archiving & Decentralized Storage
 
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
 
Climate change and safety and health at work
Climate change and safety and health at workClimate change and safety and health at work
Climate change and safety and health at work
 
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
(SUHANI) Call Girls Pimple Saudagar ( 7001035870 ) HI-Fi Pune Escorts Service
 
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile ServiceCunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
 
Rohini Sector 37 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 37 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 37 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 37 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
Call On 6297143586 Viman Nagar Call Girls In All Pune 24/7 Provide Call With...
 
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
 
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
The Most Attractive Pune Call Girls Handewadi Road 8250192130 Will You Miss T...
 
The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...
 
2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar
 
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Junnar ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
 
VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...
VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...
VIP Call Girls Service Bikaner Aishwarya 8250192130 Independent Escort Servic...
 

EU–US Privacy Shield has Flaws

  • 1. 13524/17 VH/np DGD 2C EN Council of the European Union Brussels, 20 October 2017 (OR. en) 13524/17 DATAPROTECT 164 JAI 952 DAPIX 338 FREMP 117 DIGIT 219 RELEX 887 COVER NOTE From: Secretary-General of the European Commission, signed by Mr Jordi AYET PUIGARNAU, Director date of receipt: 19 October 2017 To: Mr Jeppe TRANHOLM-MIKKELSEN, Secretary-General of the Council of the European Union Subject: REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the first annual review of the functioning of the EU–U.S. Privacy Shield Delegations will find attached document COM(2017) 611 final. Encl.: COM(2017) 611 final
  • 2. EN EN EUROPEAN COMMISSION Brussels, 18.10.2017 COM(2017) 611 final REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the first annual review of the functioning of the EU–U.S. Privacy Shield {SWD(2017) 344 final}
  • 3. 2 REPORT FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL on the first annual review of the functioning of the EU–U.S. Privacy Shield 1. THE FIRST ANNUAL REVIEW – PURPOSE, PREPARATION AND PROCESS In its Decision of 12 July 20161 (“the adequacy decision”), the Commission found that the EU-U.S. Privacy Shield (“Privacy Shield”) ensures an adequate level of protection for personal data that has been transferred from the European Union to organisations in the U.S. The Privacy Shield reflects the principles and requirements laid down by the European Court of Justice in its decision in the Schrems case2 , which invalidated the previous Safe Harbour framework. It provides for a number of novel elements, compared to Safe Harbour, which enhance the protection of personal data when it is transferred to the United States. This includes stricter obligations on Privacy Shield-certified companies, for example regarding limitations on how long a company may retain personal data (so-called “data retention” principle) or the conditions under which data can be shared with third parties outside the framework (so-called “accountability for onward transfers” principle). It also provides for more regular and rigorous monitoring by the Department of Commerce (DoC) and significantly strengthens the possibilities for EU individuals to obtain redress. In addition, the Privacy Shield builds on specific written representations and assurances made by the U.S. government that access by public authorities to personal data transferred under the Privacy Shield for national security, law enforcement and other public interest purposes is subject to clear limitations and safeguards. To this end, it also creates an entirely new redress mechanism, the Ombudsperson. The Commission committed to evaluate its adequacy finding on an annual basis, and, to this end, conducts an annual review of the functioning of the Privacy Shield. The first annual review of the functioning of the Privacy Shield is concluded with the present report. The review covered all aspects of the Privacy Shield, i.e. the implementation, administration, supervision and enforcement of the Privacy Shield framework by the competent U.S. authorities and bodies as well as questions relating to the access by U.S. public authorities to personal data transferred under the Privacy Shield for public interest purposes, in particular national security. It also included a dialogue on the specific topic of automated decision- making and an assessment of developments in the U.S. legal system over the past year which could have an impact on the functioning of the Privacy Shield. 1 Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield, OJ L 207, 1.8.2016, p.1. 2 Judgment of the Court of Justice of the European Union of 6 October 2015, Case C-362/14, Maximilian Schrems v Data Protection Commissioner ("Schrems").
  • 4. 3 The Privacy Shield framework has been operational since 1 August 2016. Taking into account that this has been the first year of its operation, the Commission’s annual review has focused on verifying that all the mechanisms and procedures provided for in the framework – many of which were newly created – have been fully implemented and are functioning in the way that is foreseen in the adequacy decision. Moreover, the Commission has put particular emphasis on checking whether and how the various U.S. authorities involved in the implementation of the framework have lived up to their representations and commitments, both as regards the administration and supervision of the commercial aspects of the Privacy Shield, and with respect to government access to personal data. The change of the U.S. administration in January 2017 made this particularly relevant. In preparation of the annual review, the Commission gathered information and feedback on the implementation and functioning of the Privacy Shield framework from relevant stakeholders, more specifically from Privacy Shield-certified companies through their respective trade associations, and from non-governmental organisations (NGOs) active in the field of fundamental rights and in particular digital rights and privacy. It also sought and obtained written information from the U.S. authorities involved in the implementation of the framework, including relevant documents and material. The first Annual Joint Review took place on 18 and 19 September 2017 in Washington, DC. It was opened by Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, and U.S. Secretary of Commerce Wilbur Ross. The annual review was conducted for the EU by representatives of the European Commission’s Directorate General for Justice and Consumers. The EU delegation also included eight representatives designated by the Article 29 Working Party, the advisory body bringing together the national data protection authorities of the Member States (DPAs) as well as the European Data Protection Supervisor. On the U.S. side, representatives of the DoC, the Federal Trade Commission (FTC), the Department of Transportation, the Department of State, the Office of the Director of National Intelligence and the Department of Justice participated in the review, as well as the acting Ombudsperson, a Member of the Privacy and Civil Liberties Oversight Board (PCLOB) and the Office of the Inspector General of the Intelligence Community. Moreover, representatives of organisations that offer independent dispute resolution under the Privacy Shield, the American Arbitration Association as administrator of the Privacy Shield Arbitration Panel and some Privacy Shield-certified companies provided input during the annual review. The annual review has further been informed by publicly available material, such as court decisions, implementing rules and procedures of relevant U.S. authorities, reports and studies from NGOs, transparency reports issued by Privacy Shield-certified companies, press articles and other media reports.
  • 5. 4 2. FINDINGS, CONCLUSIONS AND RECOMMENDATIONS The annual review has demonstrated that the U.S. authorities have put in place the necessary structures and procedures to ensure the correct functioning of the Privacy Shield. The certification process has been handled in an overall satisfactory manner and more than 2400 companies have been certified so far. The U.S. authorities have put in place the complaint- handling and enforcement mechanisms and procedures to safeguard individual rights. This includes also the new additional redress avenues for EU individuals such as the arbitration panel and the Ombudsperson mechanism. Regarding the latter, an Acting Ombudsperson was designated following the change of Administration in January 2017, whereas the nomination of a permanent Ombudsperson is pending. Cooperation with European data protection authorities has been stepped up. As regards access to personal data by public authorities for national security purposes, relevant safeguards on the U.S. side remain in place, notably those based on Presidential Policy Directive 28 issued in 2014 which sets out limitations and safeguards on use by national security authorities of personal data, regardless of nationality of the individual. In this context, it should also be noted that section 702 of the U.S. Foreign Intelligence Surveillance Act (FISA) is set to expire on 31 December 2017 and that reform proposals are under discussion in the U.S. Congress. The detailed factual findings concerning the functioning of all aspects of the Privacy Shield framework after its first year of operation are presented in the Commission Staff Working Document on the annual review of the functioning of the EU–U.S. Privacy Shield (SWD(2017) 344 final) which accompanies the present report. On the basis of these findings, the Commission concludes that the United States continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the Union to organisations in the United States. At the same time, the Commission considers that the practical implementation of the Privacy Shield framework can be further improved in order to ensure that the guarantees and safeguards provided therein continue to function as intended. To this end, the Commission makes the following recommendations: 2.1. Companies should not be able to publicly refer to their Privacy Shield certification before the certification is finalised by the DoC During the annual review it became apparent that companies which have applied for certification under the Privacy Shield, but whose certification has not yet been finalised by the DoC, can already publicly refer to their Privacy Shield certification. Consequently, there may be a discrepancy between information that is publicly available, and the DoC’s Privacy Shield list, which does not include a company before the certification is finalised. Such type of discrepancy creates uncertainty for EU individuals and companies in the EU that want to transfer data to the U.S., increases the risk of false claims of participation and undermines the credibility of the whole framework
  • 6. 5 Therefore, the Commission recommends that companies should not be allowed to make public representations about their Privacy Shield certification before the DoC has finalised the certification and included the company on the Privacy Shield list. The information provided by the DoC to companies on the certification process, including on the Privacy Shield website, should be amended to clarify that companies cannot publicly refer to their adherence to the framework before being included on the Privacy Shield list. 2.2. Proactive and regular search for false claims by the DoC The Commission recommends that the DoC conducts, proactively and on a regular basis, searches for false claims of participation in the Privacy Shield, not only in the context of the certification process, i.e. with respect to companies that have initiated but not completed the certification and nevertheless already claim participation in the framework, but also more generally with respect to companies that have never applied for certification but make representations suggesting to the public that they comply with the framework’s requirements. To this end, the DoC should take additional measures, including internet searches. As learned from the experience of the Privacy Shield’s predecessor, the Safe Harbour program, misleading practices are not uncommon and can weaken the credibility and solidity of the system as a whole. 2.3. Ongoing monitoring of compliance with the Privacy Shield Principles by the DoC The Commission recommends that the DoC conducts compliance checks on a regular basis. Compliance checks could for example take the form of compliance review questionnaires sent to a representative sample of certified companies on a specific “thematic” issue (e.g. onward transfers, data retention), or the DoC could systematically request to be provided with the annual compliance reports (which can be either a self-assessment or on outside compliance review) of certified companies seeking to be re-certified. The DoC could then make use of the annual compliance reports in order to identify possible compliance issues that may warrant further follow-up action before a company can be re-certified, or more systemic deficiencies in the functioning of the framework that need to be addressed. 2.4. Strengthening of awareness raising The Commission encourages both the DoC and the DPAs to continue and further strengthen the awareness-raising efforts that they have already undertaken in the past year. In order to ensure more effective protections for EU individuals, the DPAs, in cooperation with the Commission, could strengthen their efforts to inform EU individuals about how to exercise their rights under the Privacy Shield, notably on how to lodge complaints. 2.5. Improve cooperation between enforcers The Commission recommends that the DoC and the DPAs should cooperate, if appropriate also with the FTC, to develop guidance on the interpretation of certain concepts in the Privacy
  • 7. 6 Shield that need further clarification. This would be in the interest of improved cooperation between the authorities that implement and enforce the framework on both sides of the Atlantic, of the development of convergence in the interpretation of the Privacy Shield’s rules and of greater legal certainty for businesses. The principle of accountability for onward transfers and the definition of human resources data have emerged from the first annual review as examples of concepts that could benefit from additional clarification. 2.6. Study on automated decision-making In order to draw more precise conclusions on the question of automated decision-making, including in view of the next annual review, the Commission will commission a study to collect factual evidence and further assess the relevance of automated decision-making for transfers carried out on the basis of the Privacy Shield 2.7. Enshrine the protections of PPD-28 in the Foreign Intelligence Surveillance Act The upcoming debate on the re-authorisation of Section 702 of the Foreign Intelligence Surveillance Act (FISA) provides the U.S. Administration and Congress with a unique opportunity for strengthening the privacy protections contained in FISA. In this context, the Commission hopes that the Congress will consider favourably enshrining the protections offered by Presidential Policy Directive (PPD)-28 with respect to non-US persons in FISA, with a view to ensuring the stability and continuity of these protections. Any further reforms, both in terms of substantive limitations and in terms of procedural safeguards, should be implemented in the spirit of PPD-28 and thus provide protection irrespective of nationality or country of residence. 2.8. Swift appointment of the Privacy Shield Ombudsperson The Commission calls on the U.S. administration to confirm its political commitment to the Ombudsperson mechanism, as an important element of the Privacy Shield framework as a whole, by filling the position of the Ombudsperson with a permanent appointee as soon as possible. 2.9. Swift appointment of the members of the PCLOB and release of the PCLOB report on PPD-28 As an independent agency within the executive branch, the PCLOB has an important function with respect to the protection of privacy and civil liberties in the field of counterterrorism policies and their implementation. The Commission recommends the swift appointment of the missing members of the PCLOB by the U.S. administration, so that the PCLOB is able to fulfil all aspects of this function. Moreover, given the relevance of PPD-28 for the limitations and safeguards applying to government access for signals intelligence, and thus for the Commission's periodic review of
  • 8. 7 its adequacy assessment, the Commission calls on the U.S. administration to publicly release the PCLOB’s report on the implementation of PPD-28. 2.10. More timely and comprehensive reporting of relevant developments by U.S. authorities The Commission recommends that the U.S. authorities proactively fulfil their commitment to provide the Commission with timely and comprehensive information about any developments that could be of relevance for the Privacy Shield, including on developments that are liable to raise questions about the protections afforded under the framework.