U.S. Assures EU Minister as Data-Transfer Privacy Review Begins

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jimmy H. Koo

The U.S. is committed to its privacy protection promises in the Privacy Shield data transfer pact with the European Union, Commerce Secretary Wilbur Ross assured EU Justice Commissioner Vera Jourova in a Sept. 18 meeting, Jourova told Bloomberg BNA.

Calming EU concerns that the U.S. government may engage in unwarranted mass surveillance of data transferred to the U.S. is important if the Privacy Shield is to continue.

In an interview with Bloomberg BNA, Jourova said that the U.S. needs to be committed to the Privacy Shield’s privacy protections, every day and on all issues, not just on selective cases. If the annual review reveals “big systemic errors” by U.S. bodies, Jourova said, “the option of suspending the Privacy Shield is real.” She said the Privacy Shield must be a “secure solution,” and that she would not hesitate to act to protect EU citizens’ privacy.

The continuing functioning of the Privacy Shield is critical because nearly 2,500 U.S. companies and tens of thousands of EU companies rely on it to transfer data legally from the EU to U.S. companies that self-certify to the U.S. Department of Commerce their compliance with EU privacy principles.

Ross and Jourova met as a high-level kickoff to the first annual review of the trans-Atlantic EU-U.S. data transfer framework underway in Washington. EU “experts are working with U.S. counterparts” and should get feedback soon on the first-year performance of the framework, Jourova said. The European Commission, the EU’s executive arm, plans to issue its Privacy Shield report in October.

Jourova stressed to Ross the importance of a “robust and trustworthy annual review,” Christian Wigand, a commission spokesman, told Bloomberg BNA.

Jourova’s next stop will be the West Coast to meet with leaders at technology companies, including Alphabet Inc.'s Google and Facebook Inc. Jourova plans to ask the tech companies about their experiences with government national security requests for access to consumer data.

“Data is the currency of the 21st century,” and it needs to be protected from access by national security bodies, as well from being monetized without consent, Jourova said.

Ombudsman Role

The Privacy Shield replaced a data transfer agreement that was invalidated by the EU’s top court, in part, over concerns that data transferred to the U.S. might be subject to government misuse. The U.S. and EU agreed to review the replacement Privacy Shield each year to assess how well new privacy protections are working.

As written, the U.S. commitment to the ombudsman position is fine—but the review will evaluate how the position is actually functioning in practice, Jourva said.

The pact required the U.S. to appoint an ombudsman to whom individuals can refer any complaints about U.S. authorities’ data surveillance. The Trump administration hasn’t appointed a permanent ombudsman, a position housed within the U.S. Department of State. The position is being temporarily filled by Judith Garber, acting assistant secretary for oceans, environment and science.

The ombudsman position grew out of Privacy Shield negotiations and, so, is more significant than other positions with oversight roles, Kendall Burman, privacy counsel at Mayer Brown LLP in Washington, told Bloomberg BNA. The strength of the ombudsman position signals commitment to upholding the Privacy Shield framework, she said.

Jourova said she also voiced concern to Ross over the lack of staffing across various U.S. agencies. The Trump administration has said that “it takes time to find the proper people,” Jourova said, but vacancies at the Federal Trade Commission, the Privacy and Civil Liberties Oversight Board, and other agencies are “problematic.”

The FTC at present only has two commissioners, Maureen Ohlhausen (R) and Terrell McSweeny (D). At full strength, the FTC has five Senate-confirmed members appointed to seven-year terms.

The PCLOB only has one member, and the administration has announced the nomination Adam I. Klein as chairman. But even with two members the board doesn’t have a quorum to conduct new business. The PCLOB is an independent, bipartisan executive branch agency created in the wake of 9/11 to ensure the consideration of privacy and civil liberties for government anti-terrorism and homeland security initiatives. At full strength, the board consists of five members.

The White House said in a Sept. 15 statement that the Privacy Shield review “will demonstrate the strength of the American promise to protect the personal data of citizens on both sides of the Atlantic.”

With assistance from George Lynch in WashingtonTo contact the reporter on this story: Jimmy H. Koo in Washington at jkoo@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security