A few hours before the European Commission's announcement of Privacy Shield, that analysis was complete. But, said Falque-Pierrotin, "The announcement is a new fact. It changes the analysis."
Until they have analyzed the documents on which Privacy Shield is based, she said, the DPAs will give the benefit of the doubt to companies relying on alternative data transfer mechanisms such as binding corporate rules and model contract clauses.
Relying on Safe Harbor alone, though, is not a good idea: Hamburg's Commissioner for Data Protection and Freedom of Information Johannes Caspar, also attending the Brussels event, said his office has asked about 40 companies for information concerning their transfer of data to the U.S. as it sought to ensure they had complied with the October court ruling.
John Higgins, director-general of industry lobby group Digital Europe, welcomed the decision on binding corporate rules, saying it "provided businesses operating across all sectors of the economy with the reassurance and legal certainty they needed."
However, in some ways it has only prolonged the uncertainty about whether those mechanisms can be relied on for another three months, because the DPAs' initial conclusion was not positive.
"We have concerns, in particular with the scope of the surveillance and the remedies," Falque-Pierrotin said, suggesting that, before the Commission's announcement of Privacy Shield on Tuesday, the DPAs would have been inclined not to allow companies to transfer data using binding corporate rules or model contract clauses.
"Until we have completed the analysis of the possible consequences of the new arrangements on the legality of the other transfer tools, we consider it is still possible to use the existing transfer mechanisms," she said.
The DPAs will wait for the European Commission to supply the documents on which Privacy Shield is based, she said -- but "not for too long."
Asked whether the documents should be made public, she said: "It's up to the Commission to decide, but for transparency it's important that these commitments be as public as possible."
Sign up for CIO Asia eNewsletters.