Personal data: the Privacy Shield, a trompe l’oeil shield?

The European Commission was able to find an agreement in time to fill the legal vacuum created by the cancellation of the Safe Harbor. At stake is maintaining the ability for US companies to manage and exploit the personal data of EU citizens. But the text itself has not been disclosed to the public, nor even presented to the guarantors of the respect of the private life … A lack of transparency which arouses already much skepticism.

The European Commission announced on February 2 have reached an agreement with the government of the United States to manage the exchange of personal data after the invalidation of the previous agreement, Safe Harbor, by the Court of Justice of the European Union in October . The key is the possibility for US providers ( Google , Facebook , Amazon , Microsoft …) to continue to support personal data from the European Union.



Called the “EU-US Privacy Shield”, this new agreement must tighten the regulatory framework for US companies when they import data from European citizens to the United States. The Department of Commerce and the Federal Trade Commission (in charge of consumer law and business practices in the United States) will guarantee the commitments of these companies.


In particular, they committed to increased transparency (with an annual joint EU-US audit leading to a report) and to establishing clear limits on access to these data by US government agencies (such as the NSA or the US). FBI). European citizens will also be able to assert their rights by filing a complaint with either the companies themselves or responsible national bodies (such as CNIL). Finally, an Ombudsman will act as a mediator for complaints and other requests.




If the agreement was welcomed by the European CNIL because it has met the deadline imposed, its adoption is far from done, and its legality is not guaranteed. The text has not been made public, and the only known details are those contained in the press release of the European Commission. The Commission has appointed two members of its college, Andrus Ansip and Vera Jourovà, to take care of its establishment over the next three months. It will then be submitted to the Commission as a whole, then presented to the G29, the consolidation of all the European CNILs, and finally proposed to the United States Government.


Beyond the vagueness that reigns over the details, it is worth remembering that the Safe Harbor (“safe haven”), agreement passed in 2000, was very similar to this new “shield”. It was already an agreement between the Commission and the Department of Commerce, which was based here on a principle of self-regulation and voluntary declaration on the part of the companies concerned, and subject to American law. It remains to be seen how the Privacy Shield will differ from its predecessor in practice, and whether these distinctions will be sufficient to ensure legality in the European Court of Justice.


No “sovereign” public cloud in Europe?


Nice success for Numergy. The CTA consortium, led by the SFR subsidiary , won the European Commission’s call for tenders for the provision of cloud computing services. In addition to Numergy, it includes three European providers of on-demand computing: Portugal Telecom Portuguese, Gigas Spanish and Italian Enter. The contract, signed in November 2015, is just starting to deliver online processing, storage and network services to 56 European entities.

Leave a Reply

Your email address will not be published. Required fields are marked *

News Letters


The European Commission has selected three European reference suppliers, but despite the sensitive nature of the market, it has not ruled out non-European suppliers since it also chose the American IBM and Microsoft. It believes that it has sufficient guarantees in terms of security and location of data. As the notion of sovereign cloud invoked […]

Read More
News Letters

Oracle Database Firewall protects databases by controlling the SQL queries

The new Oracle Database Firewall controls all database traffic and prevents attacks on Oracle and non-Oracle databases. Network-based security software monitors application behavior in real time and protects the database from SQL injection attacks and unauthorized access by enforcing “normal” database query behavior. At the RSA Conference in San Francisco, Oracle has now introduced the […]

Read More
News Letters

Opening of a datacenter, setting up in Lille, hiring of 250 people: Online, Iliad’s cloud subsidiary, in a position to shake up the market

Very secretive so far, Online, Iliad’s cloud subsidiary, is embarking on the market with an integrated industrial model and a strong differentiation strategy. On the agenda: the opening of its fifth and largest data center, the establishment of a center of 100 people in Lille and the hiring of 250 people in 2018. This is […]

Read More