Leading civil liberties and human rights groups have declared that recent US political developments have threatened the foundation of the EU Privacy Shield regime
Figures from the American Civil Liberties Union (ACLU) and Human Rights Watch (HRW) hit out at the new administration and the Privacy Shield regime in an open letter to leading European Union officials.
The letter points to two principal threats to European citizens' data, both stemming from political developments on the other side of the Atlantic. The first is President Trump's Executive Order: Enhancing Public Safety in the Interior of the United States, which does not extend the Privacy Act protections that citizens enjoy to non-citizens and permanent residents.
As a result, says the letter, “People in the EU have diminished protections when it comes to limits on dissemination of their personal information, the right to access their private information held by the US government, and the right to request corrections to their information.”
The second is the US Privacy and Civil Liberties Oversight Board (PCLOB), an executive body which advises the president on data protection issues. While the letter acknowledges the use of the body, it adds, “The PCLOB has never provided remedies for rights violations or functioned as a sufficient mechanism to protect personal data.” Currently, the PCLOB lacks a quorum, meaning it cannot issue public reports and recommendations, assist the ombudsman created by the Privacy Shield framework or carry out other basic tasks.
Both present fundamental problems with the application of the Privacy Shield framework.
The letter is addressed to, among others, Věra Jourová, commissioner for Justice, Consumers and Gender Equality at the European Commission; Claude Moraes, chairman for the Committee on Civil Liberties, Justice and Home Affairs at the European Parliament; and Isabelle Falque-Pierrotin, chairwoman of the Article 29 Working Party which oversaw the development of Privacy Shield.
Privacy Shield is a framework for the exchange of personal data for commercial purposes between the US and the EU. It was established after the previous Safe Harbour principles were struck down by the European Court of Justice for failing to adequately protect EU citizens against American surveillance practices. The final version of Privacy Shield was approved on 8 July 2016 and went into effect several days later.
The new regime has been criticised, labelled as insufficient by some and unworkable by others. The letter's authors cite the Schrems judgement in which the European Court of Justice declared in the judgement that Articles seven and eight – respect for private and family life and protection of personal data – of the EU Charter of Fundamental Rights require “clear and precise rules” about measures that might impinge on privacy as well as “minimum safeguards” against abuse and unlawful access.The effective functioning of Privacy Shield, the authors write, requires such assurances from the US government and, without them, raise concerning questions around the privacy regime's efficacy.