Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
European Union privacy regulators will soon question President Donald Trump on the U.S. commitment to the EU-U.S. Privacy Shield data transfer pact.
Although Trump’s Jan. 25 immigration executive order limiting extension of the Privacy Act to non-U.S. citizens doesn’t have a direct legal effect on the Privacy Shield, it has raised concerns over U.S. intentions. The Article 29 Working Party of data protection officials from the 28 EU countries said in a Feb. 16 statement that it would write to the Trump administration “pointing out concerns and asking for clarifications on the possible impact” the order may have on the Privacy Shield.
The Privacy Shield allows U.S. companies that self-certify with the Commerce Department their compliance with EU-approved privacy and security principles to legally transfer personal data from the EU to the U.S. The Privacy Shield is relied upon by over 1,000 U.S. companies, including Alphabet Inc.'s Google, Microsoft Corp. and Facebook Inc., as well as thousands more EU companies that send data to those U.S. companies.
An Art. 29 Party spokeswoman told Bloomberg BNA Feb. 17 that the group would publish a letter to the Trump administration on the Privacy Shield within the next 10 days.
The executive order at issue has been stayed by the U.S. Court of Appeals for the Ninth Circuit. However, the Trump administration has vowed to issue a new immigration executive order.
A White House official familiar with the matter told Bloomberg BNA Feb. 17 on background that the executive order applies to agencies only “to the extent within applicable law” and that the “Trump administration will ensure that no privacy laws are violated.” It is too early to speculate on whether there would be similar language in upcoming executive orders, the official said.
The regulators also said, in the statement, that it is delaying its next round of guidance on the EU’s new privacy regime until at least April.
Daniel Fesler, a partner with Baker McKenzie in Brussels, told Bloomberg BNA Feb. 17 that the late delivery of guidance could mean that companies will need to review their data protection compliance programs late in 2017 or in 2018, shortly before the EU General Data Protection Regulation (GDPR) takes effect in May 2018. That could be “extremely cumbersome” and “a challenge for organizations trying to prepare themselves,” Fesler said.
Privacy advocates raised concerns over Trump’s executive order when it was issued. But attorneys and political leaders on both sides of the Atlantic tried to quell the storm, saying the order was aimed at immigration and national security concerns rather than commercial data transfer arrangements. The order is also limited to actions that aren’t already authorized by law. The Redress Act authorizes EU citizens to utilize the Privacy Act to complain about alleged government misuse of personal data transferred under the Privacy Shield. The Obama administration’s Department of Justice specifically included EU countries as being covered by the Redress Act.
European Commission spokesman Christian Wigand told Bloomberg BNA Feb. 17 that the commission, the EU’s executive arm, had already contacted U.S. officials “to ask for some clarifications on the U.S. Judicial Redress Act.” Wigand didn’t give details of the commission’s specific concerns.
EU privacy regulators are authorized to “enforce and uphold individual rights. They do this independently and are therefore free to raise questions with U.S. counterparts,” Wigand said.
Mauricio Paez, a privacy and data protection partner with Jones Day in New York, told Bloomberg BNA Feb. 17 that the EU privacy regulators weren’t being unreasonable in asking the Trump administration about the Privacy Shield. EU data privacy regulators have a “great interest in understanding these questions and the administration’s views,” he said.
The privacy regulators also are moving forward with guidance on the GDPR. Parts of the guidance are expected in April, while others won’t be available until the later part of 2017.
Guidance on data protection impact assessments that must be carried out under the GDPR for high-risk processing would be provisionally adopted in April, the Art. 29 statement said.
The working party indicated that new guidance on consent, profiling and notification of data breaches, which is prioritized for 2017, would likely appear later in the year. A workshop on those issues is slated for April, they said.
To contact the reporter on this story: Stephen Gardner in Brussels at email@example.com
To contact the editor responsible for this story: Donald Aplin at firstname.lastname@example.org
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)