Monday

28th Sep 2020

Cracks emerge in EU US data 'shield'

  • The EU is hoping a new Privacy Shield will restore business confidence on data transfers to the US (Photo: Alessio Milan)

The next US administration can, if it so chooses, weaken an already patchy data sharing pact with the EU known as Privacy Shield.

The provisional agreement spells out how US companies can use the transferred data of EU nationals while respecting tough EU privacy laws.

Read and decide

Join EUobserver today

Support quality EU news

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

But fears are mounting a US administration headed by firebrand Donald Trump may attempt to punch holes in an agreement whose legal basis is largely based on promises and letters signed by top US officials.

Ted Dean, a US department of commerce official, told a room of skeptical MEPs on Thursday (17 March) that the US has made commitments to uphold its side of the bargain.

When pressed on the legal basis that ties the US to those commitments, he said it was in the commercial interest of the US to respect the rules.

"We've made these commitments, a new administration could look at them, but that is exactly why there is an annual review," he added.

His EU commission counterpart Tiina Astola echoed similar views, telling MEPs that possible changes is "a fact of life".

"Whenever an administration changes, when the legislature changes, there can be amendments and changes. But that is the fact of life," she said.

The two sides took years to reach a political agreement on how to protect the privacy of transferred data of EU citizens while allowing US firms to process and use that data for commercial ends.

Privacy Shield is supposed to ensure, among other things, that the US National Security Agency (NSA) won't bulk collect and use data of EU citizens once transferred to the US.

The entire agreement hinges on whether it can stand up against the scrutiny of the European Court of Justice in Luxembourg.

The Court last October scuppered a 15-year old Safe Harbour agreement following revelations by former NSA contractor Edward Snowden of US-led mass surveillance.

Over 4,000 US firms relied on Safe Harbour.

With Safe Harbour dead, many were at pains on how to transfer and use the data of EU citizens whose commercial value is estimated in the billions.

Negotiators on both sides of the Atlantic then scrambled to finalise the new Privacy Shield as a Safe Harbour replacement.

They then announced Shield at the start of February with much fanfare but without disclosing details on how it would work in practice.

Bulk collection still allowed

A few weeks later, the EU commission published a series of letters signed US state secretary John Kerry, commerce secretary Penny Pritzker, the Federal Trade Commission, and the Office of the Director of National Intelligence, amongst others.

Details in those letters show the US can still bulk collect data if targeted collection is somehow not feasible.

The EU commission says this is good enough, noting if the US fails to comply, it can suspend the pact.

"Even if bulk collection is sometimes allowed the sum total of these limitation and safeguards means there is no limitless collection and no limitless access, which is what the Court [ECJ] found to be in breach," said Astola.

The EU and US are hoping their arguments will re-inject business confidence among the thousands of firms that rely on processing data of EU nationals.

That includes restoring trust among the people whose data is being harvested. If people think the US will continue to violate their privacy, regardless of Privacy Shield, then they may turn away from US firms.

Some privacy advocates are describing Privacy Shield as a sham.

"Privacy Shield represents a step backwards for the scope and definition to the right of privacy," said Marc Rotenberg, president and Executive Director of the US-based Electronic Privacy Information Center.

He said section 702 of the US foreign Intelligence Surveillance Act (FISA) first needs to be repealed.

The section grants the US government sweeping powers to collect foreign intelligence information.

EUobserver under attack in wider battle for EU free press

If EU citizens want to know the truth, then journalists need protection from malicious litigation, as EUobserver joined the list of targets, over an article about the late Maltese journalist Daphne Caruana Galizia.

Stakeholders' Highlights

  1. Nordic Council of MinistersNordic Council meets Belarusian opposition leader Svetlana Tichanovskaja
  2. Nordic Council of MinistersNordic Region to invest DKK 250 million in green digitalised business sector
  3. UNESDAReducing packaging waste – a huge opportunity for circularity
  4. Nordic Council of MinistersCOVID-19 halts the 72nd Session of the Nordic Council in Iceland
  5. Nordic Council of MinistersCivil society a key player in integration
  6. UNESDANext generation Europe should be green and circular

Latest News

  1. Caucasus warfare prompts EU alarm
  2. Summit reloaded and last Brexit round This WEEK
  3. EU denies 'clandestine' mission on Venezuela election date
  4. Between the lines, Europe's new Moria unfolds
  5. Now's the time to give QMV a chance in EU foreign policy
  6. European hiccups on the way to West Africa
  7. Berlin repeats support for EU human rights sanctions
  8. China's carbon pledge at UN sends 'clear message' to US

Stakeholders' Highlights

  1. Nordic Council of MinistersNEW REPORT: Eight in ten people are concerned about climate change
  2. UNESDAHow reducing sugar and calories in soft drinks makes the healthier choice the easy choice
  3. Nordic Council of MinistersGreen energy to power Nordic start after Covid-19
  4. European Sustainable Energy WeekThis year’s EU Sustainable Energy Week (EUSEW) will be held digitally!
  5. Nordic Council of MinistersNordic states are fighting to protect gender equality during corona crisis
  6. UNESDACircularity works, let’s all give it a chance

Join EUobserver

Support quality EU news

Join us