Saturday

3rd Dec 2022

Cracks emerge in EU US data 'shield'

  • The EU is hoping a new Privacy Shield will restore business confidence on data transfers to the US (Photo: Alessio Milan)

The next US administration can, if it so chooses, weaken an already patchy data sharing pact with the EU known as Privacy Shield.

The provisional agreement spells out how US companies can use the transferred data of EU nationals while respecting tough EU privacy laws.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

But fears are mounting a US administration headed by firebrand Donald Trump may attempt to punch holes in an agreement whose legal basis is largely based on promises and letters signed by top US officials.

Ted Dean, a US department of commerce official, told a room of skeptical MEPs on Thursday (17 March) that the US has made commitments to uphold its side of the bargain.

When pressed on the legal basis that ties the US to those commitments, he said it was in the commercial interest of the US to respect the rules.

"We've made these commitments, a new administration could look at them, but that is exactly why there is an annual review," he added.

His EU commission counterpart Tiina Astola echoed similar views, telling MEPs that possible changes is "a fact of life".

"Whenever an administration changes, when the legislature changes, there can be amendments and changes. But that is the fact of life," she said.

The two sides took years to reach a political agreement on how to protect the privacy of transferred data of EU citizens while allowing US firms to process and use that data for commercial ends.

Privacy Shield is supposed to ensure, among other things, that the US National Security Agency (NSA) won't bulk collect and use data of EU citizens once transferred to the US.

The entire agreement hinges on whether it can stand up against the scrutiny of the European Court of Justice in Luxembourg.

The Court last October scuppered a 15-year old Safe Harbour agreement following revelations by former NSA contractor Edward Snowden of US-led mass surveillance.

Over 4,000 US firms relied on Safe Harbour.

With Safe Harbour dead, many were at pains on how to transfer and use the data of EU citizens whose commercial value is estimated in the billions.

Negotiators on both sides of the Atlantic then scrambled to finalise the new Privacy Shield as a Safe Harbour replacement.

They then announced Shield at the start of February with much fanfare but without disclosing details on how it would work in practice.

Bulk collection still allowed

A few weeks later, the EU commission published a series of letters signed US state secretary John Kerry, commerce secretary Penny Pritzker, the Federal Trade Commission, and the Office of the Director of National Intelligence, amongst others.

Details in those letters show the US can still bulk collect data if targeted collection is somehow not feasible.

The EU commission says this is good enough, noting if the US fails to comply, it can suspend the pact.

"Even if bulk collection is sometimes allowed the sum total of these limitation and safeguards means there is no limitless collection and no limitless access, which is what the Court [ECJ] found to be in breach," said Astola.

The EU and US are hoping their arguments will re-inject business confidence among the thousands of firms that rely on processing data of EU nationals.

That includes restoring trust among the people whose data is being harvested. If people think the US will continue to violate their privacy, regardless of Privacy Shield, then they may turn away from US firms.

Some privacy advocates are describing Privacy Shield as a sham.

"Privacy Shield represents a step backwards for the scope and definition to the right of privacy," said Marc Rotenberg, president and Executive Director of the US-based Electronic Privacy Information Center.

He said section 702 of the US foreign Intelligence Surveillance Act (FISA) first needs to be repealed.

The section grants the US government sweeping powers to collect foreign intelligence information.

EU Commission proposes suspending billions to Hungary

Prime minister Viktor Orbán's government has to implement 27 measures "fully and correctly" before any payment from the €5.8bn recovery fund can be made, or the suspended €7.5bn of cohesion funds can be unblocked.

Catalan spyware victims demand justice

Victims of the widening spyware scandal in Spain are demanding justice and reparations, following the revelations that journalists, lawyers, civil society and politicians had been targeted.

EU Commission to keep Hungary's EU funds in limbo

The EU executive, on the other hand, is expected to approve Hungary's recovery plan, worth €5.8bn, but only would disburse actual money if Hungary delivers on some 27 key reforms.

Portugal was poised to scrap 'Golden Visas' - why didn't it?

Over the last 10 years, Portugal has given 1,470 golden visas to people originating from countries whose tax-transparency practices the EU finds problematic. But unlike common practice in other EU states with similar programmes, Portugal has not implemented "due diligence".

Stakeholders' Highlights

  1. Nordic Council of MinistersCOP27: Food systems transformation for climate action
  2. Nordic Council of MinistersThe Nordic Region and the African Union urge the COP27 to talk about gender equality
  3. International Sustainable Finance CentreJoin CEE Sustainable Finance Summit, 15 – 19 May 2023, high-level event for finance & business
  4. Friedrich Naumann Foundation European DialogueGender x Geopolitics: Shaping an Inclusive Foreign Security Policy for Europe
  5. Obama FoundationThe Obama Foundation Opens Applications for its Leaders Program in Europe
  6. EFBWW – EFBH – FETBBA lot more needs to be done to better protect construction workers from asbestos

Latest News

  1. EU must break Orbán's veto on a tax rate for multinationals
  2. Belarus dictator's family loves EU luxuries, flight data shows
  3. How Berlin and Paris sold-out the EU corporate due diligence law
  4. Turkey's EU-funded detention centres ripe with abuse: NGO
  5. In green subsidy race, EU should not imitate US
  6. EU Commission proposes suspending billions to Hungary
  7. EU: Russian assets to be returned in case of peace treaty
  8. Frontex leadership candidates grilled by MEPs

Stakeholders' Highlights

  1. European Committee of the RegionsRe-Watch EURegions Week 2022
  2. UNESDA - Soft Drinks EuropeCall for EU action – SMEs in the beverage industry call for fairer access to recycled material
  3. Nordic Council of MinistersNordic prime ministers: “We will deepen co-operation on defence”
  4. EFBWW – EFBH – FETBBConstruction workers can check wages and working conditions in 36 countries
  5. Nordic Council of MinistersNordic and Canadian ministers join forces to combat harmful content online
  6. European Centre for Press and Media FreedomEuropean Anti-SLAPP Conference 2022

Join EUobserver

Support quality EU news

Join us