Privacy

U.S.-EU data deal won't end cross-border data uncertainty

Image from Shutterstock.com

This summer, the European Commission may approve the Privacy Shield framework -- a replacement for the court-nixed Safe Harbor arrangement that had previously governed U.S.-EU data transfers – but the international uncertainty is unlikely to end.

That uncertainty threatens trillions of dollars in trans-Atlantic business. Europeans, whose court system recognizes such concepts as the "right to be forgotten," remain worried about the ways in which less-privacy-concerned Americans might use their data for commercial and intelligence purposes.

"It is clear that a model 21st century trade agreement cannot neglect the importance of the free flow of data to trade, investment, and business operations," U.S. Ambassador to the EU Anthony Gardner said in an address to the U.S. Chamber of Commerce in Belgium last month.

He aimed to allay European fears.

Since the Privacy Shield was initially hammered out in February, many European officials have weighed in, largely in non-binding capacities and largely to oppose the measure.

"[T]he Privacy Shield as it stands is not robust enough to withstand future legal scrutiny before the [European] Court [of Justice]," opined European Data Protection Supervisor Giovanni Buttarelli late last month.

That court struck down Safe Harbor over privacy concerns late last year.

Data Protection Authorities  from across the EU, represented in the Article 29 Working Party, also expressed reservations about Privacy Shield's privacy protections and vague wording, while noting the framework was an improvement over Safe Harbor.

Responding to DPAs' concerns, U.S. Ambassador Gardner clarified that Privacy Shield protections will "flow with [individuals'] data" even as that data is transferred to third parties.

He also stressed the notification requirements and complaint avenues included in the framework.

"Under the Privacy Shield, an individual may bring a complaint directly to a Privacy Shield participant company, and the company must respond to the individual within a fixed period of time," Gardner said. "If an individual submits a complaint to a DPA in the EU, the [U.S.] Department of Commerce has committed to receive, review and undertake best efforts to facilitate resolution of the complaint and to respond to the DPA within a fixed period of time."

In the past few months, Congress passed – and President Barack Obama signed – the USA Freedom Act and the Judicial Redress Act, Gardner noted. The laws may give some comfort to privacy advocates.

Gardner also claimed American intelligence-gatherers are committed to as much transparency as possible – just look at the Tumblr account.

For some, the Privacy Shield seems like a solid framework.

"I think it's an improvement," U.S. Chamber of Commerce global regulation head Adam Schlosser told FCW. "It provides clarity. It's a step in the right direction."

The framework may not be perfect, but the alternative to a broad agreement are individual contract arrangements, the legal costs of which could keep smaller businesses from participating in trans-Atlantic markets.

The Privacy Shield still needs a final "adequacy decision" from the European Commission. Officials had initially expressed a hope to pen the decision by June, but Schlosser predicted it would come by July.

And then the real challenge will hit when the deal winds up in front of the court that killed its predecessor.

"Someone's going to bring a challenge to Privacy Shield," Schlosser said. "If not on hour one, then on day one."

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.