Article 29 Working Party on Privacy Shield

December 6, 2017

 The EU Commission’s broadly positive
report on the EU-US Privacy Shield
was made available in October but it is
only now that the
Article 29
Working Party’s findings
(WP 255) on the Privacy Shield have been adopted
and published. The document can be downloaded from the link below.

Given the long list of areas where the Article 29 Working
Party identifies problems which have yet to be resolved, it is perhaps surprising
that the Shield has been given a pass. But the commercial realities were always
a main driver here; those worried about the effect of Brexit will be comforted
by the approach to what some may regard as basic issues.

The negative highlights of the WP29’s findings include:

  • ·       
    the lack of guidance and clear information on the
    principles of Privacy Shield
  • ·       
    the need for an enhancement of the
    self-certification process for companies
  • ·       
    ‘the main points of concern [on the use of
    surveillance powers] have yet to be fully resolved’
  • ·       
    redress for EU citizens is not guaranteed
    because of ‘the problematic admissibility threshold of the “standing requirement”’
    and the Ombudsman is yet to be appointed.

The Executive Summary concludes with the following passage:

‘The WP29 expects the remaining
concerns to be addressed at the latest at the second joint review. In case no
remedy is brought to the concerns of the WP29 in the given time frames, the
members of WP29 will take appropriate action, including bringing the Privacy
Shield Adequacy decision to national courts for them to make a reference to the
CJEU for a preliminary ruling