Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
Answers to questions surrounding Yahoo! Inc.'s alleged review of consumer e-mails on behalf of the U.S. government present a real test of the strength of new surveillance oversight mechanisms in the EU-U.S. Privacy Shield data transfer program, EU officials told Bloomberg BNA Jan. 13.
Whether incoming President-elect Donald Trump will honor the government surveillance limitation commitments of the Obama administration that underlie the Privacy Shield is also of concern to privacy advocates.
The long-term health of the Privacy Shield is significant to U.S. companies that certify their compliance with EU privacy principles as a means to more easily transfer personal data outside of the EU. Without the Privacy Shield, thousands of companies would be forced to rely on sometimes more cumbersome and time-consuming alternatives to legally move data to the U.S.
Media reports in October 2016 said Yahoo complied with a U.S. government order to scan customer e-mails for specified information. The company responded publicly only that it is a “law-abiding company, and complies with the laws of the United States.”
How the U.S. responds to EU queries on the alleged scanning of user e-mails by Yahoo is viewed as a test of commitments given by the U.S. when the Privacy Shield was negotiated, a European Commission spokeswoman said.
The guarantees in Privacy Shield on limitations and oversight mechanisms in relation to access to personal data for national security reasons are given in the form of a series of letters from Obama administration officials.
Joe McNamee, executive director of EU privacy advocacy group European Digital Rights, told Bloomberg BNA Jan. 13 that “a lot of Privacy Shield is based on documentation from the U.S., the legal relevance of which is unknown.” There are doubts whether U.S. president-elect Donald Trump would “give these the appropriate respect,” McNamee said. Under Trump, “these legally unclear undertakings would be very questionable,” threatening the continuation of Privacy Shield, he added.
The EU’s top data protection official, EU Justice Commissioner Vera Jourova has said the commission will play close attention to the Trump administration’s adherence to the Privacy Shield requirements.
The Trump transition team didn’t immediately respond to Bloomberg BNA’s e-mailed request for comment.
The Privacy Shield is already the subject of a challenge in the EU, with privacy group Digital Rights Ireland filing an action in September 2016 at the EU’s lower court, the General Court, asserting that the Privacy Shield provides insufficient data protection guarantees.
Christian Wigand, a spokesman for Jourova, told Bloomberg BNA that the European Commission asked the Obama administration “for a number of clarifications” in response to “media reports on possible monitoring activities carried out by Yahoo in response to a request by U.S. authorities.”
The U.S. has answered Jourova’s request for clarification, but the commissioner has made public statements indicating a desire for more details, including a Jan. 11 statement to Reuters. The correspondence between the EU and U.S. on the issue hasn’t been made public.
Although Yahoo isn’t certified under the Privacy Shield, the case could have implications for the arrangement because “when it comes to Europeans’ personal data transferred to the U.S. under the EU-U.S. Privacy Shield arrangement, the U.S. has ruled out indiscriminate mass surveillance,” Wigand said.
The commission, the EU’s executive arm, was able to find that Privacy Shield provided an adequate level of protection for the personal data of Europeans in part because the U.S. gave “strong assurances” that public authorities’ access to personal data for law enforcement and national security purposes “is subject to clear limitations, safeguards and oversight mechanisms,” Wigand said.
The Privacy Shield was put in place after the previous U.S.-EU Safe Harbor data transfer plan was invalidated by the EU’s top court on the basis that it didn’t offer sufficient privacy protections. More than 1,400 U.S. companies have certified under Privacy Shield since the program opened in August 2016.
Among the new elements established by Privacy Shield compared to Safe Harbor is an ombudsman in the U.S. State Department to whom individuals can refer any complaints about undue surveillance of data by U.S. authorities. Although created by Privacy Shield, the ombudsman can be called on even in cases involving non-Privacy Shield companies.
Wigand said that when the EU carries out its first mandatory annual review of the Privacy Shield, the effective functioning of the ombudsman will be an important consideration. The commission will publish a first annual review of the functioning of Privacy Shield in summer or fall this year. Jourova has previously said the commission will play close attention to the Trump administration’s adherence to the Privacy Shield requirements.
To contact the reporter on this story: Stephen Gardner in Brusssels at email@example.com
To contact the editor responsible for this story: Donald Aplin at firstname.lastname@example.org
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)