Civil liberty groups have decried the new Privacy Shield agreement that covers people's personal data flowing between Europe and the United States.

The rights warriors argue that there needs to be "substantial reforms" to it in order to protect individuals' fundamental rights.

In a letter [PDF] to a number of top-ranking European officials, 27 groups including Amnesty International, the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) said that the replacement to the previous Safe Harbor agreement "will put users at risk, undermine trust in the digital economy, and perpetuate the human rights violations that are already occurring as a result of surveillance programs and other activities."

The groups' main complaints revolve around the continuing state of US law when it comes to surveillance. "The US government continues to deny the relevance and application of the internationally-accepted standards of necessity and proportionality in its surveillance operations," the letter complains.

"In addition, the oversight mechanism established by the Privacy Shield to respond to complaints about US surveillance is not independent, nor does the office come empowered with sufficient authority to initiate investigations or respond adequately to complaints."

As a result, EU citizens "cannot be sure what will happen to their data once transferred to the US."

The letter also claims that the Privacy Shield agreement fails to meet the four key conditions that the EU's data privacy specialists, the Article 29 Working Party, put forward for the new agreement.

And it makes the fair point that since individuals are never notified when their information is collected or used, the remedies written into the new agreement for those who feel their data has been misused "will be unavailable for all practical purposes."

And the answer?

What is the solution that the civil liberties groups offer? Unfortunately it is a wholesale redrawing of US law – something which seems a little beyond the influence of EU policymakers.

"In order for the Privacy Shield to survive, the US must formally commit to substantial reforms to respect human rights and international law," the letter declares.

"The Privacy Shield should be contingent on US legislative reform of surveillance laws within a reasonable time. These reforms must include, at a minimum, the incorporation of human rights standards ... a narrowed definition of 'foreign intelligence information' to limit the scope of data collection, and more limited access to, retention of, and use of data after it is collected. Indiscriminate scanning of communications' content and metadata, specifically, must be discontinued."

While the letter's goals are laudable and its criticisms valid, in reality there is little to nothing that EC officials can do about US legislation. As important as the agreement covering data flows between the two are, it is not enough of a stick to force the US Congress to act beyond what it has currently proposed.

In short, the Privacy Shield represents pragmatic politics in all its ugliness. This letter does serve to remind everyone, however, that the US government maintains an extraordinary and largely secretive ability to carry out mass surveillance of electronic data flows.

The agreement itself is wending its way through a number of different institutions on both sides of the Atlantic in preparation for formal approval later this year. ®