Privacy Principles

European officials are visiting the U.S. next week to review an economically significant agreement that allows American companies to handle European data, with privacy advocates pointing at the Trump administration as a reason to rethink the deal.

The Privacy Shield framework was forged in July 2016 after a European court struck down a previous outline of transatlantic privacy principles in the wake of disclosures about U.S. mass surveillance programs.

Opponents are urging the European Commission to suspend the deal, a potential economic cannonball affecting more than $260 billion in annual transatlantic digital services trade.

The Privacy Shield has many critics in Europe, where the EU Parliament passed a resolution in April listing concerns and where multiple lawsuits seek another startling blow to the status quo.

And U.S. privacy advocates also are trying to upend the deal, with American advocacy groups offering critiques to European officials on a conference call earlier this month.

The European delegation will be led by Věra Jourová, European Commission commissioner for justice, consumers, and gender equality, who will meet Monday in Washington with Commerce Secretary Wilbur Ross to launch the review.

The European Commission said Friday that "[t]he purpose of the review is to establish whether the arrangement adopted on 12 July [2016], now used by over 2,400 firms, properly secures transfers of personal data from the EU to the U.S."

"After discussions with U.S. administration and gathering feedback from range of stakeholders, from businesses to NGOs, the Commission will publish a report with its assessment in the coming weeks," the commission said.

A Commerce Department spokesperson said meetings will take place on Monday and Tuesday with representatives from many U.S. government entities, including the State Department, Justice Department, Transportation Department, the Federal Trade Commission, the Office of the Director of National Intelligence, and the Privacy and Civil Liberties Oversight Board.

The Trump administration supports continued participation in the Privacy Shield agreement.

Most criticism of the deal focuses on the adequacy of oversight and protections against the mass surveillance, however, and Trump's actions and appointments are sure to be raised.

One likely topic of conversation is the barely functional PCLOB, designated by the deal as an arbiter of disputes referred by an ombudsman. The five-member board has four vacancies. With a three-member quorum required, it can't take official actions, and without a chairman since last year it cannot hire staff.

Trump nominated a new chairman to the privacy board last month, but the Senate has not acted and the White House has not yet moved to fill the remaining three board vacancies.

Another likely topic is the effect of a January executive order in which Trump declares that protections outlined in the Privacy Act of 1964 do not apply to foreigners. There's debate about what that means for Europe, as the 2015 Judicial Redress Act says Privacy Act protections do apply to European Union citizens.

Neema Singh Guliani of the American Civil Liberties Union said there's concern about whether non-citizens living in Europe are protected and whether the Judicial Redress Act actually offers the same protections that Trump rescinded from a 2014 President Obama directive. And she said the action also created a problem with perception.

"It sent a signal to people in the EU that the degree to which their data would be protected would be less than in previous administrations," she said.

Guliani, who was on the conference call with European officials this month, said there are many other concerns about whether the agreement lives up to the standards set by European courts that struck down the old agreement.

"It's hard to understand how the Privacy Shield would be consistent with what the European courts have said," she said. "To take something simple like redress … there is no meaningful avenue – even for people in the U.S. – there's often no way to tell if you have been targeted by an intelligence agency."

These issues come amid a broader backdrop of privacy issues, with the Trump administration pushing for clean reauthorization of Section 702 of the Foreign Intelligence Surveillance Act — which governs large internet-surveillance programs and is up for renewal in Congress this year.

Section 702 governs acquisition of data from internet infrastructure in the U.S., and its programs collect large amounts of "incidental" data from non-targets.

Sarah St. Vincent of Human Rights Watch said lesser-known surveillance under Executive Order 12333, which governs intercepts of communications from internet infrastructure outside the U.S., also is a concern.

"702 basically provides open season for non-U.S. citizens for surveillance," St. Vincent said. "As bad as 702 is, 12333 is far worse. … You see no judicial oversight … and Congress is not holding hearings on 12333 – not publicly – so we don't know how much oversight they are exercising."

After meetings in D.C., Jourová will visit California to discuss the Privacy Shield and other topics with tech company leaders including Facebook chief operating officer Sheryl Sandberg and representatives of Apple and Google.

The commission said Friday she will "quiz tech companies on their experience with Privacy Shield and discuss the ongoing work on social platforms in the EU, including combating illegal online hate speech, user's terms and conditions, gender equality, especially in a tech environment and other upcoming EU initiatives."

Hate speech is legal in the United States, with few narrow exceptions, but social media giants increasingly have chosen to censor such content. Companies like Facebook generally acquiesce to local censorship standards of countries in which they operate.

The Commerce Department spokesperson did not say if the U.S. has major concerns with European implementation of the Privacy Shield. There's a carveout in European law for state security, St. Vincent said, making it unclear if European courts can hold member countries there to the same standard to which they hold the U.S. government.

Source :

Europeans descend on DC to probe privacy under Trump
The FTC’s First Privacy Shield Enforcement Actions
EU-US Privacy Shield faces its moment of truth
How tech giants have shredded our privacy and what we should do about it
Employment Screening Resources (ESR) Completes Annual EU-U.S. Privacy Shield Re-Certification
10 principles for data journalism in its second decade
First Amendment and the Principles of Community
7 principles for designing a blockchain network to power and sustain your business
Lisa Sotto Selected as Arbitrator for the EU-U.S. Privacy Shield