Sunday

1st Oct 2023

Will US privacy-lite hollow out GDPR?

  • Despite their different approaches, the EU and the US have an agreement to share personal data for commercial purposes, known as 'Privacy Shield' (Photo: Josh Hallett)

Over 90 percent of the data on the internet has been created since 2016. Yet, the amount of personal information online is expected to grow exponentially in the next years.

As a result, data protection and privacy rules have either been introduced or are being considered in many countries across the world.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

The European Union's General Data Protection Regulation (GDPR), which entered into force in 2018, introduced pioneering legislation that set data privacy standards for millions of citizens in the EU and beyond.

Some say that GDPR is currently the most developed data protection law in the world, but the United States (US) has opted for a very different approach.

The American National Institute of Standards and Technology (NIST) recently released (16 January) the long-awaited Privacy Framework, which is not a law or regulation, but rather a "voluntary tool".

This framework aims to help organisations manage privacy risks and technical capabilities to comply with laws that may affect them, but also helps industries to communicate from the executive to the implementation level about privacy practices, aiming to increase consumers' trust.

"I think about it as building foundational blocks for privacy that anybody [small and big enterprises] can use to meet their obligations and manage their privacy risks," the senior policy adviser and leader for the Privacy Framework at NIST, Naomi Lefkovitz, told journalists in Brussels.

This model, basically focussed on privacy risk management, is "very flexible" so it could also be adopted in Europe complementing existing EU law, she said.

"We look at privacy risks from embarrassment to discrimination as a result of data processing, [and] these are the same issues that Europe is looking at," Lefkovitz said.

"But there is no one right answer when it comes to privacy," she added.

The European rules on data privacy have contributed to the development of the US Privacy Framework, according to Lefkovitz, who hopes that this voluntary tool "can return the favour" to achieve more effective solutions within the GDPR.

The EU-US Privacy Shield

Despite their different approaches, the EU and the US have an agreement to share personal data for commercial purposes, under certain conditions, since the EU-US 'privacy shield' framework was adopted in 2016.

But this deal has repeatedly received criticism from civil society and MEPs, who believe that European citizens' rights might be not fully protected.

In June 2018, the European Parliament's civil liberties committee (Libe) called on the European Commission to suspend the EU-US data transfer pact - something that might happen due to the "Schrems II" ongoing case before the European Court of Justice.

However, after the commission gave the green light to the agreement in its third annual review last October, some members of the committee remain sceptical.

"The EU-US 'privacy shield' is inadequate as a safeguard, badly implemented, hardly enforced and weakly scrutinised," Dutch liberal MEP Sophie in 't Veld said earlier this month.

"This is not the way that we can protect our citizens. This [agreement] does not even take the EU seriously. We make laws, then we negotiate with the US and we give it all away," she told MEPs from Libe.

According to the international NGO Access Now, "the EU does not only enable the continuous violation of fundamental rights under this arrangement, but it is also undermining its global leadership role on the protection of personal data".

MEPs from the Libe committee will be travelling to the US from 23 to 29 February to discuss EU-US justice and home affairs, including the privacy shield framework.

Privacy Shield less relevant given GDPR, says data chief

Giovanni Buttarelli, the European data protection supervisor, says the EU-US data sharing pact known as Privacy Shield will play an increasingly minor role given the general data protection regulation.

GDPR - a global 'gold standard'?

The new EU privacy rules are touted as a global 'gold standard' - but Mexico's former data commissioner warns some nations are far from ready.

Interview

2013: Snowden was 'wake-up call' for GDPR

The contentious negotiations on the EU's data protection rules (GDPR), very much influenced by intense lobbying from the US, radically changed after whistleblower Edward Snowden revealed in 2013 that US intelligence services were collecting worldwide user-data.

MEPs: 'Mass surveillance' still possible under US privacy deal

A delegation of MEPs from the civil liberties committee have warned of the remaining "deficiencies" of the EU-US 'privacy shield' framework, amid concerns over the efficiency of this mechanism to protect EU citizens' fundamental rights.

AI will destroy more female jobs than male, study finds

About four percent of global female employment is subject to potential automation through generative AI technologies, compared to only 1.4 percent of male employment. The trend is even more pronounced in high-income countries, a new study reveals.

Column

EU lobbying clean-up — what happened to that?

Six months after Qatargate, as institutional inertia and parliamentary privileges weigh in, the sense of gravity and collective resolve have all but disappeared. MEPs show little enthusiasm for reform of the rules that today allow them significant outside paid activities.

Latest News

  1. EU women promised new dawn under anti-violence pact
  2. Three steps EU can take to halt Azerbaijan's mafia-style bullying
  3. Punish Belarus too for aiding Putin's Ukraine war
  4. Added-value for Russia diamond ban, as G7 and EU prepare sanctions
  5. EU states to agree on asylum crisis bill, say EU officials
  6. Poland's culture of fear after three years of abortion 'ban'
  7. Time for a reset: EU regional funding needs overhauling
  8. Germany tightens police checks on Czech and Polish border

Stakeholders' Highlights

  1. Nordic Council of MinistersThe Nordic Region is stepping up its efforts to reduce food waste
  2. International Medical Devices Regulators Forum (IMDRF)Join regulators, industry & healthcare experts at the 24th IMDRF session, September 25-26, Berlin. Register by 20 Sept to join in person or online.
  3. UNOPSUNOPS begins works under EU-funded project to repair schools in Ukraine
  4. Georgia Ministry of Foreign AffairsGeorgia effectively prevents sanctions evasion against Russia – confirm EU, UK, USA
  5. International Medical Devices Regulators Forum (IMDRF)Join regulators & industry experts at the 24th IMDRF session- Berlin September 25-26. Register early for discounted hotel rates
  6. Nordic Council of MinistersGlobal interest in the new Nordic Nutrition Recommendations – here are the speakers for the launch

Stakeholders' Highlights

  1. Nordic Council of Ministers20 June: Launch of the new Nordic Nutrition Recommendations
  2. International Sustainable Finance CentreJoin CEE Sustainable Finance Summit, 15 – 19 May 2023, high-level event for finance & business
  3. ICLEISeven actionable measures to make food procurement in Europe more sustainable
  4. World BankWorld Bank Report Highlights Role of Human Development for a Successful Green Transition in Europe
  5. Nordic Council of MinistersNordic summit to step up the fight against food loss and waste
  6. Nordic Council of MinistersThink-tank: Strengthen co-operation around tech giants’ influence in the Nordics

Join EUobserver

Support quality EU news

Join us