Yesterday, May 30, 2016, European Data Protection Supervisor (EDPS) Giovanni Buttarelli, as as independent advisor to the EU institutions, published his Opinion on the EU-U.S. Privacy Shield. Privacy Shield is not robust enough, he says, and significant improvements are needed to withstand future legal scrutiny before the Court of Justice of European Union (CJEU).
For the Privacy Shield to be effective it must provide adequate protection against indiscriminate surveillance as well as obligations on oversight, transparency, redress and data protection rights.
In Opinion EDPS offers practical solutions to address some of the concerns the proposal raises:
fully integrating the data minimisation and data retention principles;
adding safeguards as regards automated processing;
clarifying the purpose limitation principle;
limiting exceptions; and
improving redress and oversight.
Earlier this yer, in April 2016, the Article 29 Working Party issued its own?Opinion on the Privacy Shield proposal to which the EDPS contributed as a member. It contains a detailed legal analysis and request for clarification over a number of concerns.