EU will watch Privacy Shield for a year before challenging

Data protection authorities won't comment on the agreement until next summer.


Earlier this month, the European Commission adopted Privacy Shield, an EU-US data privacy agreement. It allows companies like Facebook and Twitter to move EU data to US servers, all the while assuring Europeans their data is still as protected as it was back home. Critics have complained the new arrangement has many of the same flaws as the "Safe Harbour" framework it replaces, and EU data protection authorities had yet to comment on the final deal.

And they won't -- at least for a year. European regulators have announced that Privacy Shield will not be challenged until its first annual review, which is due next summer. This effectively gives the agreement a year-long stay of execution, at least as far as the 28 data protection authorities that cover Europe are concerned. After the year is up, the relevant bodies will either approve the deal wholesale, suggest changes, or file a legal objection. The first option, for what it's worth, is very unlikely given collectively they were generally very displeased about the draft agreement.

The announcement doesn't rule out the possibility of Privacy Shield being attacked in the interim. There are plenty of independent organizations that might choose to challenge its legality -- the Safe Harbour deal it replaced was essentially taken down by an individual who proved it was not sufficient to protect EU citizen's data.