The Article 29 Working Party, a committee made of representatives from national data protection authorities based across the EU, said it plans to adopt an opinion on the EU-US Privacy Shield at a meeting it has scheduled for 12 and 13 April.
Data protection law expert Kuan Hon of Pinsent Masons, the law firm behind Out-Law.com, said the Working Party's opinion will also address the validity of other mechanisms that organisations rely on to transfer personal data to the US from the EU, including model clauses and binding corporate rules (BCRs).
The EU-US Privacy Shield is a framework that has been proposed to facilitate the transfer of personal data between the EU and US. A previous data transfer framework that EU and US officials put in place in 2000, the safe harbour agreement, was invalidated by the EU's highest court in October last year.
Earlier this week the European Commission published a range of documents that underpin the Privacy Shield. Included in those papers was a draft 'adequacy decision' of the Commission which outlined its view that data transfers to the US made under the EU-US Privacy Shield will correspond to EU data protection law requirements. The privacy principles that businesses will have to comply with if they sign up to the Privacy Shield were also detailed in the documents published by the Commission.
The Article 29 Working Party said it would "now assess these documents in order to give its opinion on the level of protection afforded by the EU-US Privacy Shield".
"To this end, the relevant subgroups of the Working Party will be mobilised and will analyse the safeguards provided for in the arrangement on both the commercial aspects and the limitations for national security, public interests and law enforcement purposes," the Working Party said.
"On the basis of the work of the different subgroups, the Future of Privacy subgroup will finalise the Working Party’s draft opinion which will then be adopted at the next plenary meeting on 12 and 13 April 2016," it said.
In a statement, the German Data Protection Association (GDPA), a non-profit body, said the Working Party should not to give its support to the Commission's finding that the Privacy Shield provides for adequate data protection (2-page / 40KB PDF). Former data protection supervisor for the German state of Schleswig-Holstein, Thilo Weichert, backs the GDPA's position.
In February when the EU-US Privacy Shield was first announced the Commission said that, once a draft adequacy decision was prepared, the new framework could be adopted "after obtaining the advice of the Article 29 Working Party and after consulting a committee composed of representatives of the member states" (the Article 31 Committee).
According to the Working Party's statement, the Article 31 Committee's opinion will be issued after the Working Party issues its. According to the Data Protection Directive, a representative from the Commission will determine the time limit for issuing an opinion "according to the urgency of the matter".