The German briefing document calls for the working party's executive summary to state: "Until these issues are addressed, the WP29 considers it is not in a position to reach an overall conclusion on the draft adequacy decision. It stresses that some of the clarifications and concerns – in particular relating to national security – may also impact the viability of the other transfer tools."
It also wants the working party report to conclude: "Therefore, the WP29 is not yet in a position to confirm that the current draft adequacy decision does, indeed, ensure a level of protection that is essentially equivalent to that in the EU."
The German delegation wants the European Commission to remove from the adequacy decision any references to the Working Party's approval, and it wants Privacy Shield to be referred to the CJEU if the Commission goes ahead without taking into account the working party's criticisms, according to the document downloaded by Piltz. The German authorities have since removed copies of the document from their websites, he wrote Friday.
The contents of the leak did not surprise Aaron Tantleff, intellectual property attorney at Foley and Lardner.
"The purpose of Privacy Shield was to ensure that there was a mechanism in place to ensure a level of protection in the U.S. that is essentially equivalent to that in the EU. Based upon the current draft of the Privacy Shield framework agreement, I can see how one may find that the current draft does not appear to satisfy this requirement," he said.
The data protection authorities don't get the last word on Privacy Shield. Their opinion is only advisory, and there are other bodies that have yet to weigh in, including the European Parliament.
Sign up for Computerworld eNewsletters.