With the passing of the deadline for companies to stop relying on Safe Harbor rules, a successor mechanism – the ‘Privacy Shield’ (PS) has been hurriedly announced by the European Commission and the US Commerce Department. Unfortunately, details of the PS have yet to be revealed so employers must continue relying for the time being on standard contractual clauses (SCC) and binding corporate rules (BCR) to remain compliant.
Privacy has become an international battlefield with otherwise unimportant fringe organisations like the Electronic Privacy Information Center (EPIC) and the EU’s Article 29 Working Party (A29) winning the war. EPIC has already issued a Freedom of information request in order to give it a chance to oppose the PS and likewise the A29 Committee has announced that it is going to call an extraordinary meeting to assess if PS overcomes their and the European Court of Justice’s fixation about the US National Security Agency gaining access to personal date once it leaves European shores.
The A29 Committee has, however, indicated that it will continue to scrutinize the level of protection offered by SCC and BCR. It remains highly likely that these, too, will be eventually undermined. Fortunately, employers can safely ignore the A29 provided it does not scare the Commission into taking further action or find a further case to put before the European Court of Justice. Unfortunately, because of its covert situation the NSA cannot make its own case for access to personal data and, in the wake of the Snowden revelations, many European politicians are not inclined to step in to silence such organisations as A29. The threat to the EU of an information blockade could seriously harm its economy, but it now remains down to multinational organisations to oppose the undue power of privacy campaigners.