Modern field guide to security and privacy

Opinion: Europe's privacy advocates should back off Privacy Shield

Privacy Shield is certainly not a solution for eternity. But it fills the current void for safeguarding data flows across the Atlantic and attempts to match European and American views on privacy.

Leonhard Foeger/Reuters/File
Max Schrems brought a lawsuit against Facebook that eventually led to the EU's highest court striking down the 15 year-old data-sharing pact known as Safe Harbor.

Many critics predicted the two-month-old data-sharing deal between the European Union and the US wouldn't survive the legal and policy challenges from privacy advocates.

It appears they might be right. And that's a troubling development for anyone involved in the modern digital economy.

On Wednesday, Europe's privacy watchdogs – the European Data Protection Authorities – issued a stinging critique of the data transfer pact known as Privacy Shield. The deal was meant to replace the 15-year-old agreement known as Safe Harbor that some 4,500 companies relied on to transfer Europeans' personal information across the Atlantic. 

Despite many new protections as part of Privacy Shield, such as a privacy ombudsman and additional mechanisms for Europeans to file privacy grievances, the Data Protection Authorities, or DPA, want even more protections and assurances that US intelligence agencies aren't indiscriminately scooping up mass amounts of Europeans' information.

But attacking Privacy Shield at its outset, and potentially dooming the agreement to future legal wrangling, only penalizes the companies that provide the backbone for economic growth in Europe and the US, and unfairly casts the US as a desert for civil liberties. Additionally, the notion that the DPAs want any new data-sharing deal reevaluated every two years would put undue burden on small and medium-sized enterprises that can't afford to adapt to changing legal frameworks for transatlantic trade.

Over the past year, the US has enacted surveillance reforms and gave Europeans the right to legal redress in US courts over data privacy issues with the Judicial Redress Act even as European governments are more dependent than ever on the intelligence gathering capabilities of US spy agencies. After all, privacy reforms took place as the threat level in Europe skyrocketed with the influence of the Islamic State rising in its cities and radicals committing horrible acts of terrorism in Paris and Brussels.

Now, even the data privacy-loving Germans are reconsidering their stance on information gathering. According to a DeutschlandTrend poll, 77 percent of Germans feel that security measures should be increased permanently after the Brussels attacks. This is a moment where Europe needs faster, broader, and more advance information sharing, not more harping over individuals' privacy concerns.

Privacy Shield is certainly not a solution for eternity. But it fills the current void for safeguarding data flows across the Atlantic. Privacy advocates may attack it and Max Schrems, whose original data privacy case against Facebook led to the end of Safe Harbor, are plotting additional legal challenges to Privacy Shield, but the current deal attempts to match European and American views on privacy.

Even though the DPA's comments aren't binding, hopefully they won't stymie the European Commission's willingness to adopt the data-sharing plan so it can be in place by the target implementation date of June. If it doesn't act, nearly $1 trillion in transatlantic trade will be put in jeopardy.

Sudha David-Wilp is a German Marshall Fund senior transatlantic fellow and deputy director of its Berlin office. Follow her on Twitter @SudhaDavidWilp.

of stories this month > Get unlimited stories
You've read  of  free articles. Subscribe to continue.

Unlimited digital access $11/month.

Get unlimited Monitor journalism.