U.S. Must Reassure EU on Privacy Protections, Official Says

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

The U.S. must reassure the European Union that it remains faithful to surveillance and privacy promises to maintain the EU-U.S. Privacy Shield cross-border data transfer program, EU Justice Commissioner Vera Jourova told Bloomberg BNA March 29.

Jourova, the EU’s top data protection official, said she remains “strongly committed” to the Privacy Shield and wants U.S. Commerce Secretary Wilbur Ross and other Trump administration officials to “reaffirm” their commitment to the linchpin data transfer pact. But so far, there has been little reason “to doubt the commitment of the new government,” and President Donald Trump “understands the economic importance” of the Privacy Shield, she said.

The Privacy Shield, administered by the Commerce Department, allows companies that self-declare their compliance with EU-approved privacy and security principles to transfer personal data from the EU to the U.S. More than 1,800 U.S. companies have registered for the program, including Microsoft Corp., Facebook Inc. and Alphabet Inc.'s Google. Without the program, it would be far more cumbersome for thousands of U.S. companies to transfer personal data out of the EU. That could slow electronic commerce between the U.S. and EU nations to a crawl.

Cameron Kerry, senior counsel at Sidley Austin LLP and former general counsel and acting secretary at Commerce, told Bloomberg BNA March 29 that he doesn’t expect Ross or the Trump administration to upend the important data transfer framework. Ross’ "knowledge of trade and commerce will be important elements in ensuring the administration fully gets the importance of the Privacy Shield to U.S. businesses” and the economy, he said.

However, the U.S. must make “affirmative steps” to ease corporate concerns that it will maintain important privacy protections such as Presidential Policy Directive 28 (PPD-28), Kerry said. These are important to international trade but also are “important steps toward developing norms for how all governments behave in cyberspace,” he said.

Ahead of the important Privacy Shield annual review on tap for this summer, Jourova is slated to meet with Ross and Acting Federal Trade Commission Chairman Maureen Ohlhausen March 30. She will also meet with U.S. Attorney General Jeff Sessions and Rep. Jim Sensenbrenner (R-Wis.) this week.

Spokesmen for Commerce and the FTC didn’t immediately respond to Bloomberg BNA’s email requests for comment.

U.S. Surveillance Practices

The U.S. also must remain committed to its existing surveillance policies for the Privacy Shield to be effective, Jourova said.

It is important for the U.S. to live up to its commitments surrounding “indiscriminate surveillance, which relies, among others,” on PPD-28, the directive aimed at limiting the data intelligence authorities can collect and process, Jourova said. She hopes to “remind” U.S. officials “that privacy is valued highly and in a different way” in EU countries “than in the U.S.”

Brian Hengesbaugh, data protection partner at Baker McKenzie in Chicago, told Bloomberg BNA March 29 that the Trump administration should “take into consideration the implications for the Privacy Shield” when it reviews U.S. surveillance policy. However, Trump more than likely won’t advocate for “indiscriminate government surveillance,” he said.

One such policy, Section 702 of the Foreign Intelligence Surveillance Act (FISA), authorizes the National Security Agency to collect digital communications of foreign citizens outside the U.S. from internet service and other communications providers. It is set to expire Dec. 31 but will likely be renewed. Maintaining limits on the law is important to quell EU concerns.

These concerns were also raised by lawmakers in the European Parliament Civil Liberties, Justice and Home Affairs Committee (LIBE). The EU lawmakers said, in a March 23 draft resolution, that the Privacy Shield annual review scheduled for this summer should focus on continued U.S. surveillance of foreigners abroad and the viability of redress mechanisms for EU citizens over alleged U.S. government misuse of data.

Bart Forsyth, chief of staff for Sensenbrenner, told Bloomberg BNA March 29 that the congressman will meet with Jourova to discuss “trans-Atlantic trade issues” and to ease concerns related to U.S. surveillance abroad. Sensenbrenner is committed to PPD-28 and will try to reassure Jourova that there haven’t been efforts to undermine U.S. privacy protections or surveillance policies, he said.

Sensenbrenner will try to convey to Jourova that the EU must “not panic,” and that the U.S. is “committed to the Privacy Shield,” Forsyth said.

Legal Certainty

Jourova and others touted the Privacy Shield as important to reducing uncertainty. The cross-border data transfer program helps “ensure legal certainty for businesses,” Jourova said.

Alexander H. Southwell, privacy partner at Gibson, Dunn & Crutcher LLP in New York, told Bloomberg BNA March 29 that the Privacy Shield “has provided an important measure of predictability to global companies dealing with data transfers.” Any action taken to undermine the Privacy Shield will cause “unpredictability and uncertainty” and won’t “be good for the economy, particularly for U.S. companies,” he said.

U.S. companies have seen benefits from participating in the Privacy Shield, as the program is critical for U.S. jobs, Hengesbaugh said. “Cross-border data transfers of data with” the EU is important for many sectors across the U.S., he said.

To contact the reporter on this story: Daniel R. Stoller in Washington at dStoller@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security