11 Apr 2016

Future Adoption of the draft EU-US Privacy Shield Adequacy Decision

Future Adoption of the draft EU-US Privacy Shield Adequacy Decision

Dear Minister Van der Steur,

As the voice of the digital technology sector in Europe, DIGITALEUROPE has long supported the ambitions of the EU institutions to restore trust in transatlantic data flows. We welcome the publication of the draft EU-US Privacy Shield Adequacy Decision and strongly support its prompt adoption, which is essential to re-establishing a sustainable path for data transfers between the EU and the US.

The EU and US are each other’s most important markets. The political, cultural and economic ties between these partners means that the transfer of personal data across the Atlantic is inevitable. A disruption in transatlantic data flows could reduce EU GDP by up to 1.3% and lead to a 6.7% drop in EU services exports to the US. At a time of continued economic recovery in Europe, such a negative economic shock must be avoided.

The invalidation of the Safe Harbour framework by the Court of Justice of the EU (CJEU) created an unprecedented state of legal uncertainty for European and US businesses of all sizes, particularly SMEs, which made up approximately 60% of Safe Harbour certified companies. Beyond annulling the validity of transfers under this widely used legal instrument, this Judgement has caused regulators to cast doubt on the use of alternative transfer mechanisms such as Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs) in the EUUS context calling into question the viability of all transatlantic data transfers. This legal uncertainty has to stop.

We applaud the efforts of the European Commission to ensure that the new transfer tool is a solid mechanism that can withstand any test, including a possible Court challenge. We believe that the EU-US Privacy Shield achieves this goal and is an instrument that can reinstall much needed legal certainty. We encourage policy makers to review the recent legal study published by Hogan Lovells, particularly Section 6.5 (See Annex), which sets out arguments as to why the Privacy Shield meets the criteria of the Schrems Decision. We also take note of the yearly review mechanism and suspension clause, as well as the reinforced and institutionalised collaboration between the EU and the US authorities. These will allow for any necessary adjustments in the future.

The new framework is also more demanding on companies, placing strict rules for the onward transfer of data by requiring a contract for data sharing with any third party. Companies will also be required to respond to user complaints within 45 days. Such requirements go beyond the requirements found in the new General Data Protection Regulation (GDPR). While such obligations will be difficult for companies, DIGITALEUROPE members are ready to meet the compliance challenge. They are ready to do this not only because it is necessary from a legal point of view, but because it is good for data protection and strong data protection is critical to rebuilding transatlantic trust.

Data transfers are an essential part of our interconnected world and we need strong legal instruments that companies can confidently rely on to ensure that such transfers respect legal requirements and include the necessary safeguards to maintain a high level of protection of personal data. The legal instruments that European data protection regulators and decision makers have put in place, such as the SCCs, BCRs and now the Privacy Shield are in place to ensure this. Our members take compliance with these instruments very seriously and are deeply committed to abiding by the legal requirements that ensure a high level of data protection when transferring data across borders.

However, after months of uncertainty, it is time to restore trust and legal certainty for citizens and for the thousands of European and American businesses, both large and small, that depend on transatlantic data transfers. We cannot build a successful Digital Single Market without allowing companies to scale up and reach global markets.

DIGITALEUROPE thus urges all decision makers to ensure a swift adoption of the Privacy Shield and reaffirm the use of the alternative transfer mechanisms.

Sincerely,

John Higgins
Director General
DIGITALEUROPE

Back to Data privacy
View the complete Policy Paper
PDF
Our resources on Data privacy
Press Release 25 Nov 2019
ePrivacy at a crossroads: Time for a fresh start
Publication & Brochure 25 Nov 2019
Study of proposal for an ePrivacy Regulation
Policy Paper 15 Nov 2019
The proposed e-evidence package in light of the Council’s General Approach
Hit enter to search or ESC to close