The EU-US Privacy Shield is just a bit more than 6 months old and already has been subject of so many controversial discussions. With signing an executive order on 25 January, the new US President Trump challenged the framework even more…
Trump’s executive order
Section 14 of the “executive order” Trump signed explicitly declares that
“Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”
What about the “Judicial Redress Act”?
So, what does this executive order have to do with the Privacy Shield? Well, one of the requirements or “principles” of the EU-US Privacy Shield is “recourse, enforcement and liability” including “recourse mechanisms”. The Judicial Redress Act, passed in February 2016 (which extends Privacy Act protections regarding access, amendment and disclosure to citizens of “covered countries”) plus a related order signed by President Obama, were the milestones to convince the European Commission to sign the shield.
…and the “shield”?
So, will the executive order have any influence on the Privacy Shield?
The Privacy Shield framework was formally adopted on July 12, 2016, replacing the U.S.-EU Safe Harbor framework, which had been invalidated in October 2015 by the Court of Justice of the European Union. US companies which are certified under the shield, show that they will provide privacy protections comparable to those that apply in the EU.
Concerns of tech companies in the US
One of the big issues in the last years has been “cloud computing” and transfer of personal data to cloud providers in the US. The US firms – that rely on cloud computing to manage customer data – are now afraid that Europeans will not be able to use these services anymore – when the Privacy Shield might be challenged. Thus, they are quietly pressing the White House to reassure Europeans the U.S. will stand by recent privacy promises, Fortune Tech reports.
“Transatlantic digital trade is valued at $260 billion annually, and we would encourage the Administration to keep these substantial economic benefits in mind,”
Bijan Madhani, the privacy counsel for the Computer and Communications Industry Association, said according to Fortune.
Discussion in Europe
And the concerns of those companies could be proved true – Europe’s data protection world is upset about Trump’s order and is afraid that US companies will not be able to follow the rules of the Privacy Shield anymore.
Immediately after publication of the executive order Jan Phillip Albrecht, a member of the European Parliament and its rapporteur on data protection regulation, tweeted to suggest that this might invalidate Privacy Shield. Albrecht called in his tweet for immediate suspension of the Privacy Shield.
However, most commentators believe that Trump’s order doesn’t target any of the abovementioned arrangements – and an executive order can’t override a law like Judicial Redress Act. On the other hand, this does not mean that the Privacy Shield will not be the subject of controversial discussions anymore – and it will most likely be challenged in court… Like the EU model clauses, the “other way” to transfer personal data abroad.
The issues of international personal data flows will therefore not be solved soon…