Privacy

U.S.-EU data deal won't end cross-border data uncertainty

Image from Shutterstock.com

This summer, the European Commission may approve the Privacy Shield framework -- a replacement for the court-nixed Safe Harbor arrangement that had previously governed U.S.-EU data transfers – but the international uncertainty is unlikely to end.

That uncertainty threatens trillions of dollars in trans-Atlantic business. Europeans, whose court system recognizes such concepts as the "right to be forgotten," remain worried about the ways in which less-privacy-concerned Americans might use their data for commercial and intelligence purposes.

"It is clear that a model 21st century trade agreement cannot neglect the importance of the free flow of data to trade, investment, and business operations," U.S. Ambassador to the EU Anthony Gardner said in an address to the U.S. Chamber of Commerce in Belgium last month.

He aimed to allay European fears.

Since the Privacy Shield was initially hammered out in February, many European officials have weighed in, largely in non-binding capacities and largely to oppose the measure.

"[T]he Privacy Shield as it stands is not robust enough to withstand future legal scrutiny before the [European] Court [of Justice]," opined European Data Protection Supervisor Giovanni Buttarelli late last month.

That court struck down Safe Harbor over privacy concerns late last year.

Data Protection Authorities  from across the EU, represented in the Article 29 Working Party, also expressed reservations about Privacy Shield's privacy protections and vague wording, while noting the framework was an improvement over Safe Harbor.

Responding to DPAs' concerns, U.S. Ambassador Gardner clarified that Privacy Shield protections will "flow with [individuals'] data" even as that data is transferred to third parties.

He also stressed the notification requirements and complaint avenues included in the framework.

"Under the Privacy Shield, an individual may bring a complaint directly to a Privacy Shield participant company, and the company must respond to the individual within a fixed period of time," Gardner said. "If an individual submits a complaint to a DPA in the EU, the [U.S.] Department of Commerce has committed to receive, review and undertake best efforts to facilitate resolution of the complaint and to respond to the DPA within a fixed period of time."

In the past few months, Congress passed – and President Barack Obama signed – the USA Freedom Act and the Judicial Redress Act, Gardner noted. The laws may give some comfort to privacy advocates.

Gardner also claimed American intelligence-gatherers are committed to as much transparency as possible – just look at the Tumblr account.

For some, the Privacy Shield seems like a solid framework.

"I think it's an improvement," U.S. Chamber of Commerce global regulation head Adam Schlosser told FCW. "It provides clarity. It's a step in the right direction."

The framework may not be perfect, but the alternative to a broad agreement are individual contract arrangements, the legal costs of which could keep smaller businesses from participating in trans-Atlantic markets.

The Privacy Shield still needs a final "adequacy decision" from the European Commission. Officials had initially expressed a hope to pen the decision by June, but Schlosser predicted it would come by July.

And then the real challenge will hit when the deal winds up in front of the court that killed its predecessor.

"Someone's going to bring a challenge to Privacy Shield," Schlosser said. "If not on hour one, then on day one."

About the Author

Zach Noble is a staff writer covering digital citizen services, workforce issues and a range of civilian federal agencies.

Before joining FCW in 2015, Noble served as assistant editor at the viral news site TheBlaze, where he wrote a mix of business, political and breaking news stories and managed weekend news coverage. He has also written for online and print publications including The Washington Free Beacon, The Santa Barbara News-Press, The Federalist and Washington Technology.

Noble is a graduate of Saint Vincent College, where he studied English, economics and mathematics.

Click here for previous articles by Noble, or connect with him on Twitter: @thezachnoble.


Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.