Compliance Management, Network Security, Privacy

EU commish puts Trump on notice about straying from Privacy Shield

If the Trump administration doesn't stick to the terms of the Privacy Shield, the EU will yank it, EU Justice Commissioner Vera Jourova said Thursday.

“If there is a significant change, we will suspend” it, Jourova told Bloomberg. “I will not hesitate to do it. There's too much at stake.”

Those words came as no surprise to Aaron Tantleff, partner, privacy, security & information management practice, at law firm Foley & Lardner LLP. “I have been telling clients, colleagues and everyone else who would listen that this was a real possibility. This latest turn of events was completely expected; from my perspective,” Tantleff told SC Media. “ When clients ask about Privacy Shield, I always bring up this possibility and suggest that we discuss whether alternative methods of transfer are appropriate for consideration.”

The suspension of Privacy Shield likely “would put organizations into a legal limbo worse than what they went through after Safe Harbor was invalidated,” Tantleff said. “At least at that time, there was a common understanding and cooperation amongst all the interested parties for the development of a mutually acceptable replacement. Organizations, during the development of Privacy Shield and the transition period, could proceed with their regular transfer of personal data despite a formalized, approved replacement for Safe Harbor; subject to certain conditions.”

Recent U.S. political developments have drawn fire from leading civil liberties and human rights groups that contend they threaten the foundation of the EU Privacy Shield regime.

In an open letter to leading European Union officials, from the American Civil Liberties Union (ACLU) and Human Rights Watch (HRW) hit out at the new administration and potential threats to Privacy Shield.

The letter points to two principal threats to European citizens' data, both stemming from political developments on the other side of the Atlantic. The first is President Trump's Executive Order: Enhancing Public Safety in the Interior of the United States, which does not extend the Privacy Act protections that citizens enjoy to non-citizens and permanent residents.

As a result, says the letter, “People in the EU have diminished protections when it comes to limits on dissemination of their personal information, the right to access their private information held by the U.S. government, and the right to request corrections to their information.”

The questions raised by the executive order prompted the commission to ask the U.S. for clarification that EU citizens wouldn't be impacted by the action.

Acting Federal Trade Commission (FTC) Chairwoman Maureen Ohlhausen, recently offered reassurance at a U.S. Chamber of Commerce event that the commission would “continue to enforce the Privacy Shield protections” and we hopefully move forward.

“In my opinion, nothing has changed,” she said.

A second bone of contention among rights groups is over the U.S. Privacy and Civil Liberties Oversight Board (PCLOB), an executive body which advises the president on data protection issues. While the letter acknowledges the use of the body, it adds, “The PCLOB has never provided remedies for rights violations or functioned as a sufficient mechanism to protect personal data.” Currently, the PCLOB lacks a quorum, meaning it cannot issue public reports and recommendations, assist the ombudsman created by the Privacy Shield framework or carry out other basic tasks.

Noting that the EU “expects continuity” and she will not let her vigilance flag, Jourova made it clear in Thursday's interview that she will be seeking “reconfirmation and reassurances when I will go to Washington” in late March.

“Unpredictability is a problem if you need to trust something,” she said.

Tantleff called putting Privacy Shield's fate in jeopardy “a bad business decision for all parties involved, regardless of which side of the Atlantic one hails from,” because digital trade is too valuable “to risk for any organization trading in the EU-U.S. digital economy.” Consumers, too, would be negatively affected.  

“While many have commented that they could not imagine President Trump putting Privacy Shield in harm's way – after all, he's a businessman and absolutely understands the value of Privacy Shield to the U.S. economy and to U.S. businesses – President Trump's agenda is focusing domestically. That may directly conflict with the purpose of Privacy Shield,” said Tantleff. “I'm not saying that President Trump intends to derail Privacy Shield, but certain actions being taken by this administration could lead to the suspension of Privacy Shield. We may leave the EU Commission and Parliament with no choice.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.