EU-U.S. Agreement on Law Enforcement Data; European Data Protection Supervisor Criticizes Privacy Shield; House Members Criticize FCC Privacy Proposal; NHTSA Targets Automotive Cybersecurity; Yahoo Releases National Security Letters; CareFirst Data Breach Lawsuit Dismissed; FDA Guidance on Data Protection in Investigations
EU and U.S. sign Umbrella Agreement on Law Enforcement Data
On June 2, 2016, Vera Jourová, European Commissioner for Justice and Consumer Protection, Dutch minister Ard van der Steur and U.S. Attorney General Loretta E. Lynch signed the “Umbrella Agreement”, a deal between the U.S. and the EU “on the protection of personal information relating to the prevention, investigation, detection and prosecution of criminal offenses”. The agreement aims at enhancing the cooperation of the EU and the U.S. in criminal enforcement (including terrorism), while at the same time protecting personal data of European citizens, when transferred from the EU to the U.S. for criminal investigations.
The text of the agreement, which was negotiated over a long period due in part to a Court of Justice of the EU (ECJ) finding that European citizens lacked adequate rights of redress, includes provisions on purpose limitation, information security, data retention, rights of data subjects, breach notifications and onward transfers. A “fact sheet”-FAQ is available on the Commission’s website. Before the agreement can be finally concluded, the European Parliament will still need to give its consent.
European Data Protection Supervisor criticizes “EU-U.S. Privacy Shield”
On May 30, the European Data Protection Supervisor (EDPS), Giovanni Buttarelli, issued an opinion on the draft “EU-U.S. Privacy Shield (“Privacy Shield”), which is in line with the criticism previously raised by the Article 29 Working Party and the European Parliament.