Microsoft Backs Privacy Shield, but European Consumer Alliance Gives Thumbs Down

proposed trans-Atlantic data transfer agreement to replace the old safe harbor framework (see 1602020040), he wrote, acknowledging its effectiveness rests on companies' "responsible steps" to comply. Microsoft, he said, will sign up for the voluntary framework and "put in place commitments to advance privacy as this instrument is implemented." When an eligible company publicly commits to comply with Privacy Shield requirements, its commitment is enforceable under U.S. law. However, an alliance of 41 independent national consumer groups from 31 European countries known as BEUC said the proposed framework doesn't adequately protect consumers' privacy and data and recommended it be jettisoned, in a letter to Isabelle Falque-Pierrotin, who chairs the European Commission's Article 29 Data Protection Working Party. That committee, comprised of the national data protection authorities from the 28 member states, is expected to offer a nonbinding opinion Wednesday. The EC is expected to adopt Privacy Shield this summer, but many have predicted the agreement would be immediately challenged in court like safe harbor, which the European Court of Justice invalidated in October (see 1510060001). Since the EU and U.S. privacy regimes "are oceans apart" in approach and substance, BEUC said it's "hard to grasp" that the U.S. regime can be considered "essentially equivalent" to the European level, which will be made stronger with the proposed general data protection regulation (see 1512160001). The European Parliament is expected to approve GDPR this week, though the new regulation won't be implemented for another two years.