With a new president in the U.S. and U.K. leaving the European Union, the state of privacy agreements is in flux, reports Jeremy Seth Davis.
A vigorous debate over the E.U.-U.S. Privacy Shield pact has raged on between U.S. and European legislators, courts and privacy regulators throughout the past year. As the discussions finally arrived at a tentative resolution, the unexpected results of the U.S. presidential election may now threaten to upend compromises that have been eked out by the contesting parties.
President-elect Donald J. Trump's numerous attacks against privacy and international cooperation throughout the presidential campaign have prompted concerns from information security professionals on both sides of the Atlantic over the effects the administration will have on international legal issues.
Although European privacy regulators – including Article 29 Working Group and Article 31 Working Group – continued to critique the Privacy Shield agreement, the European Commission approved the pact in July. Companies could register for Privacy Shield certification beginning in August.
Many of the most vexing aspects of the international agreement have been decided by the agreement negotiations throughout the summer. The EU has been “hard set” about the requirements needed for U.S. companies to do business in European Union member countries, John Bambenek (left), manager of threat systems at Fidelis Cybersecurity, tells SC Media. “At this point, it's already baked in and doubtful that it would be reopened,” he says.
The self-certification will hold for now “until there is a problem,” says Morey Haber, vice president of technology at BeyondTrust. “When a self-certifying company is found to have been non-compliant with Privacy Shield, some U.S. companies “may lose their entire market share in specific geographies.”
Some pros expressed concern that the new administration's approach may cause unsurmountable roadblocks during upcoming regulatory conversations.
A Congressional aide tells SC Media that he could envision the President-elect rebuffing the EU's data protection concerns about foreign surveillance of Europeans by trying to walk back Privacy Shield.
Bambenek says he expects “privacy will be the loser” when decision points arise during upcoming Privacy Shield negotiations. Trump has signaled that he does not view privacy or international cooperation as priorities, and it will be interesting to note how European regulators and legislators respond to the administration on international issues that require cooperation.
The direction of international legal issues may depend on whether Trump selects cabinet members who prioritize the business opportunities promised by Privacy Shield over the nationalistic America-First sentiments that were expressed during the presidential campaign.