The Alliance got a chance to sit down with Linda Corugedo-Steneberg, Principal Adviser at DG Content and Technologies, to discuss the DSM and the new EU-U.S. Privacy Shield agreement.
Born and raised in Stockholm, Sweden, Steneberg joined the Swedish Foreign Service and served abroad in Bangkok, Brussels, Madrid and Geneva. She specialized in EU matters, political affairs in Southeast Asia and trade negotiations. Steneberg joined the Commission in 1996 and worked as Head of Representation in Stockholm; at DG COMM she was Head of Unit for three different Units and Director of Resources in DG ECFIN. She joined DG CONNECT in 2011 and served as Director for General Affairs and Cooperation.
We had the pleasure to meet with her in November, when she joined the "Apps Alliance Tech Policy Roundtable: Safe Harbour Ruling, Impact on SMEs and Digital Startups". It was great to hear her views and insights on the issues after the EU and U.S. were able to negotiate Safe Harbor’s successor, the EU-U.S. Privacy Shield.
Application Developers Alliance: The European Commission is a complex Institution where thousands of professionals bring their knowledge and expertise on a variety of topics. Could you talk a bit about your role as principal advisor at DG CONNECT, and what you focus on?
Linda Corugedo-Steneberg: DG CONNECT helps to harness information and utilize communications technologies in order to increase the level of employment, while generating economic growth; our main focus is to build on the greater empowerment -- which digital technologies can bring -- in order to create a better world for future generations. Presently, I am busy promoting the global aspect of the European Commission’s Digital Single Market Strategy which consists of 16 initiatives that will help create a consistent set of rules for digital matters across the EU's 28 Member States. I am also focussing on following up on the EU-U.S. Privacy Shield negotiations.
Application Developers Alliance: The new EU-U.S. Privacy Shield agreement was successfully made in February. What is the agreement about and why is it necessary?
Linda Corugedo-Steneberg: The need for Privacy Shield arose from the European Court of Justice’s invalidation of the Safe Harbor method, which transferred data across the transatlantic. This left businesses in Europe in a situation of uncertainty over the legality of their data transfers and necessitated a swift and comprehensive new agreement.
The new agreement creates a framework of rules for transatlantic data flows under which businesses who sign must comply. The Privacy Shield agreement is intended to guarantee the personal data of European Union citizens the same privacy protections as when they are processed in the U.S.; additionally, Privacy Shield instills a new range of redress mechanisms so that organizations participating in Privacy Shield must address any complaints directly from individuals in the EU within 45 days and also provide a cost-free independent recourse mechanism for investigating and resolving complaints. In addition, there are other redress mechanisms.
Application Developers Alliance: What are the implications of the agreement on European Businesses?
Linda Corugedo-Steneberg: Firstly – signing up is voluntary but compliance is compulsory. Once signed up, businesses must comply with the Shield’s framework. Companies that decide not to sign won’t benefit from the regime nor will they be included in the Privacy Shield, and will have to rely on alternative data transfer mechanisms.
Secondly – the agreement is a welcome relief for businesses after some months of uncertainty following the invalidation of Safe Harbor. It ushers in a period of transparency, predictability and safety in data transfers. Under the new agreement, businesses will be able to transfer data with confidence as they are complying with a clear and harmonised set of rules.
Application Developers Alliance: The agreement has come under some criticism, notably from Max Schrems and the Art. 29 Working Party; what does this mean for the future of the agreement?
Linda Corugedo-Steneberg: On April 13th, 2016, the Representative body of the EU’s Data Protection Authorities published its opinions on the text of the Privacy Shield, specifically asking for clarifications on the powers of the ombudsman, assurances on bulk data collection and a review of the Privacy Shield data transfer framework in two years. We welcome the work of Art. 29 WP and their attention to ensuring the highest privacy standards; our goal is that the Commission’s adequacy decision implementing the agreement on the EU side will be in place in June. We will take a number of the recommendations from the Article 29 Working Party into account.
Application Developers Alliance: What’s next for Privacy Shield?
Linda Corugedo-Steneberg: Consultations with the EU Member States are on-going through the month of April, but we will meet the again throughout the month of May.
Application Developers Alliance: Is there any way that industries, entrepreneurs, and digital startups can provide their input and feedback about Privacy Shield, and how can they effectively prepare their businesses for it?
Linda Corugedo-Steneberg: We will be very interested in getting feedback for the annual review. I would recommend reading the agreement through, including annexes from several US authorities that form part of the agreement. DG JUST will also produce a handbook that will make application easier.