US tests EU patience over Privacy Shield
The European Commission is struggling to get the US administration to comply with a data privacy pact known as Privacy Shield.
Outstanding issues remain, following a review of the deal with the EU commissioner for justice, Vera Jourova, who told reporters in Brussels on Monday (25 September) that the US side is yet to fulfil its side of the bargain.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
"Privacy Shield, as I said when we started this mechanism, is not a one-off decision. It is a constant work and is very much based on trust," she said.
Jourova met last week with US commerce secretary Wilbur Ross to discuss the issue, given the broader implications the agreement has on protecting the privacy of EU citizens whose data is used by American firms.
The two sides had agreed to the new pact in early 2016, following revelations of US mass surveillance and the scrapping by the European Court of Justice of the scheme's ill-fated predecessor, Safe Harbour.
The system is meant to safeguard the privacy protection of European's personal data, whenever it is processed by US tech firms like Google or Facebook. Some 2,400 US companies have signed up to the self-certifying scheme, whose compliance is overseen by the US Federal Trade Commission (FTC).
The EU data, which is a multi-billion enterprise for US companies, is supposedly wrapped in EU-level protection standards whenever it is sent to the US. Both Ross and Jourova, in a joint-statement last week, said that the annual Privacy Shield review had marked "an important milestone" on data protection issues.
EU prefers impatience over deadlines
But such platitudes, including US promises last year to uphold its side of the agreement, are being stretched.
Over a year later, US authorities under Donald Trump's administration are yet to set up a permanent ombudsperson, to whom EU citizens can file complaints if they believe their rights have been violated.
Jourova said the EU commission would not "wait forever" for the US side to appoint someone, on a permanent basis, to the position.
"The appointment of the ombudsperson should be done in due time without any delay," said Jourova.
However, she stopped short of imposing any hard deadline on the Americans, preferring instead to express her "impatience" with the delays.
She also noted that the FTC is not being proactive enough in cracking down on non-complying US firms. "We want to see more compliance checks," she said.
Jourova had issued similar comments following her visit to Washington DC in April, given the lack of movement by US authorities. The US, at the time, had not set up a key oversight board in the US to ensure that EU personal data is not abused.
FISA review
Privacy campaigners in Europe are rattled by recent US moves.
Earlier this year, Trump pushed to roll back privacy, and granted the National Security Agency (NSA) the ability to share raw surveillance intelligence data with 16 other government agencies - without any oversight from the courts.
In March, the US Congress had also repealed Obama-era broadband privacy rules, with the mood in Washington DC appearing to shift increasingly towards isolationism in light of Trump's "America first" overarching policy lines.
But Privacy Shield faces other big challenges.
The NSA's section 702 on foreign intelligence gathering is up for renewal before the end of the year. This rule grants the US government sweeping powers to collect foreign intelligence information.
"We are very concerned about what the new version of this act will mean for Privacy Shield," said Jourova.
"I was very clear about our position that we do not want to see any changes that will go towards the detriment of the protection of private data of Europeans. So we will be watching this very closely," she added.