RD430 - ETNO position paper on Privacy Shield
Towards the swift adoption of a future-proof and sustainable text
ETNO acknowledges the progress made on the proposed EU-US Privacy Shield, a new framework for transatlantic data flows that will replace the Safe Harbour and aims at providing improved protection for data transfers across the Atlantic. In times of a Data Driven Economy, data transfers between US and EU are an essential part of the EU competitiveness, and consequently EU industry needs a sustainable framework providing a better environment for business, while, at the same time ensuring the necessary guarantees for privacy of European citizens.
ETNO calls on EU/US Authorities to reflect the concerns raised by the EU Ombudsman, Art. 29 WG, EDPS in order to ensure a swift adoption of a future-proof and sustainable Privacy Shield Adequacy Decision for the benefit of European companies and citizens alike.
The new framework could help regain legal certainty in transatlantic data flows. The new EU-US Privacy Shield agreement assures that private sector activities will be monitored by the Department of Commerce, which will cooperate and coordinate with European DPAs to facilitate complaints by EU citizens for misuse of their personal data.
Back in 2013, European Commission and VP Reding asked EU based companies to provide suggestions on how to improve the already much contested Safe Harbour. At that time, ETNO identified some existing weaknesses in the implementation of the Safe Harbour and proposed some recommendations to improve its functioning. Considering that Safe Harbour was a light system based on self-certification, it was absolutely key that its functioning and effectiveness were improved by US Authorities for it to remain a credible instrument. ETNO proposed, amongst others, the following improvements:
- stronger enforcement mechanisms,
- more transparency, and
- closer cooperation between US and EU Authorities
It is positive to see how two years and half later these recommendations have been included in the new draft scheme.
Even if the telecommunications sector is not covered by the Privacy Shield because telcos are not subject to the jurisdiction of the US Federal Trade Commission, but to the Federal Communications Commission, ETNO is very interested in a positive outcome, the sooner the better, as very often our subcontractors will be covered by the Privacy Shield. Regarding the impact of this new agreement on businesses:
- The impact will be positive on data processors, who process data on behalf of other companies (M2M services, hosting, payment services, billing, incidents handling, etc.)
- Additionally, the agreement will also have positive impact on EU-based companies (data controllers) which would sub-contract services to US-based self-certified Privacy Shield companies under the new regime, in substitution of the former Safe Harbour.
The outcome of the Privacy Shield will be directly relevant for the robustness and the viability of other critical transfer mechanisms such as the Standard Contractual Clauses1 or the Binding Corporate Rules for transfers of personal data outside the EU.
Therefore, it is of utmost importance that the final draft Decision on Privacy Shield introduces substantial improvements, as requested by Article 29 Working Party, European Parliament and EDPS, so that Member States feel comfortable with the proposed text and can give their green light as soon as possible at their vote scheduled on 29th June.
The adoption of the new Privacy Shield should not be considered at any cost. Only a future-proof and sustainable agreement that reflects essential improvements will provide companies with the needed legal certainty for the transfer of personal data from the EU to the US. The implementation of Digital Single Market Strategy, European citizens and companies need sustainable solutions in light of today’s globalized economy and society, where international transfers of data are not an exception, but the general rule. Companies and citizens need streamlined procedures allowing transfers of data while ensuring “adequate” levels of protection.
ETNO (European Telecommunications Network Operators' Association) represents Europe’s telecommunications network operators and is the principal policy group for European e-communications network operators. ETNO’s primary purpose is to promote a positive policy environment allowing the EU telecommunications sector to deliver best quality services to consumers and businesses.
For questions and clarifications regarding this position paper, please contact Marta Capelo firstname.lastname@example.org