He has called for several changes to be made so that data can be shared internationally without any risks. He wants to be sure that any replacement for Safe Harbour should offer surveillance protection. He is also calling for any new legislation to consider data security and protection rights that have been considered by companies and governments within Europe, particularly in light of the GDPR that is due to come into effect in May 2018.
The data protection authorities in Europe have called for Privacy Shield to be reworked. The authorities believe that the legislation is not good enough. They have concerns that the US will be conducting surveillance on the data of private European citizens. Safe Harbour was abandoned because it did not offer enough data security.
While Privacy Shield would demand an assurance from the authorities in the US that they would not use it to randomly gather data from the EU, the watchdogs in Europe do not think that this is good enough. There are also concerns that the US-provided ombudsperson for the system would not be impartial in the event that an EU citizen complained about the misuse of data.
The EU Commission can still approve Privacy Shield, but if the concerns are not addressed, there could be grounds for legal action in the future. A number of companies have already endorsed Privacy Shield, although some have stated that they will not be relying on it.