EU Privacy Leader Questions Trump Support for Data Transfer Pact

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By George Lynch

European policymakers are worried that the White House doesn’t strongly back the existing U.S. commitment to the EU-U.S. Privacy Shield data transfer mechanism, a leading European Parliament lawmaker said July 19.

Amendments to strengthen privacy protections for EU citizens, including further restrictions on the sharing of personal data transferred to the U.S., would solidify the Privacy Shield, said Jan Philipp Albrecht, a German Green, at a Brookings Institution event.

Approving the pact was “already a hard compromise and the political pressure is very high,” Albrecht said.

The Privacy Shield is used by more than 2,100 U.S. companies, including Facebook Inc., Alphabet Inc.'s Google, and Microsoft Corp., to transfer data out of the EU more easily. Participating companies must certify to the U.S. Department of Commerce their compliance with EU-approved privacy principles. Limiting U.S. government access to data once it is moved to the U.S. is a fundamental basis underlying the EU’s approval of the system.

An EU delegation led by the European Commission, the EU’s executive arm, is scheduled to travel to the U.S. the week of Sept. 18 as part of the first annual review of the Privacy Shield. Albrecht, the vice-chairman of the European Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE) is meeting with U.S. lawmakers and other government officials this week. The committee has jurisdiction over most EU privacy issues, including the Privacy Shield.

The upcoming review of the Privacy Shield by EU officials will provide an opportunity for improving the agreement, Albrecht said.

It is unclear whether the Trump administration will stand by commitments the Obama administration made to limit government surveillance and acknowledge protections for EU citizens, Albrecht said.

EU officials will insist that the prior commitments be maintained because it is already difficult to for EU policymakers to justify their decisions to EU citizens, Albrecht said. The EU lawmaker led efforts to pass the EU General Data Protection Regulation (GDPR), the bloc’s new privacy regime that takes effect May 25, 2018.

Despite European concerns, the legal mechanisms set by Congress for EU citizens to file complaints alleging any U.S. overreach in accessing data transferred to companies under the Privacy Shield appear to have solid support, Albrecht said. The mechanism the U.S. established in the Judicial Redress Act and a EU-U.S. law enforcement information-sharing agreement have strong congressional backing, he said.

James Koenig, co-chair of the privacy & cybersecurity group at Fenwick & West LLP in New York, told Bloomberg BNA that Commerce and the Federal Trade Commission, which has enforcement oversight authority over the Privacy Shield program, “have enhanced both the people and the processes accountable for overseeing the Privacy Shield program.”

Koenig said that any possible disruption or temporary solution that will cause changes to trans-Atlantic data flows compliance programs for companies in addition to the GDPR will cause “both fatigue and hyperventilation.” Politicians, companies, and regulators need to “work together to promote consistency and dependability under which business, new technologies, and consumer privacy can all flourish,” Koenig said.

FISA Extension

Approving the pact was “already a hard compromise and the political pressure is very high,” he said.

Albrecht said Congress should extend privacy safeguards in Section 702 of the U.S. Foreign Intelligence Surveillance Act to limit surveillance and data collection aimed at EU citizens.

Congress must reauthorize Section 702 by the end of the year, when it is scheduled to expire. Some lawmakers are promoting making the language permanent rather than having to reauthorize it periodically. But Albrecht voiced support for a temporary extension of the FISA provisions.

Given that there will be a review of the Privacy Shield every year, it would be good to have a sunset provision for Section 702 so that Congress can be involved in the annual assessment, Albrecht said. “Having a sunset clause in a surveillance law is always a good idea,” he said.

Despite European concerns, there are some privacy issues where the U.S. has the lead over the EU, Albrecht said. For example, there is stronger support in Congress for end-to-end encryption of consumer data that than there is in the European Parliament, he said.

The White House didn’t immediately respond to a Bloomberg BNA email request for comment.

To contact the reporter on this story: Donald Aplin in Washington at daplin@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security