Modern field guide to security and privacy

Opinion: Will Trump sink Privacy Shield?

If Trump walks back US surveillance reform, he could jeopardize a trade agreement with the European Union that ensures the free flow of data across the Atlantic. 

 

US and European Union flags displayed during the visit of Vice President Mike Pence to the European Commission headquarters in Brussels on Feb. 20. REUTERS/Francois Lenoir

President Trump may be on track to derail the European Union-US Privacy Shield, an agreement that protects European citizens’ privacy when their personal data is transferred stateside.

The agreement is already on shaky ground, with two legal challenges pending in European courts. Now, with Mr. Trump seemingly poised to undo Obama administration reforms curtailing bulk metadata collection, the deal is at even greater risk.

Privacy Shield was negotiated early last year after the EU's top court invalidated a 1998 agreement known as Safe Harbor, put in place to assure Europeans that US companies “adequately protected” their information. 

Even before Safe Harbor was invalidated, there were numerous calls to update the agreement to reflect new developments in cloud computing, mobile technology, and social networking. Privacy watchdogs across the Atlantic repeatedly called for reform, expressing concern that US companies couldn't be trusted with Europeans' data.

Those calls grew louder after Edward Snowden leaked classified information in 2013 that revealed mass surveillance programs affecting EU citizens. And the EU’s effort to modernize its data protection regime – culminating in the recent adoption of the so-called General Data Protection Regulation – only served to underscore the need to update Safe Harbor.

Now, Privacy Shield, the successor to Safe Harbor, faces a raft of challenges. In September, an advocacy group known as Digital Rights Ireland asked the second highest European Court to annul the agreement on the grounds that it doesn’t provide enough privacy protection for EU data. Shortly thereafter, a French civil liberties group filed a similar suit.  

By itself, the legal uncertainty over Privacy Shield is problematic for industry, with an estimated $260 billion in commerce reliant on transatlantic data flows on the line.

But the situation may be even worse. Privacy Shield comes up for annual review later this year, and there's growing concern that Trump could undermine US commitments – particularly on surveillance and judicial redress – that are essential to the agreement. 

One major concern centers around the USA Freedom Act, which ended the National Security Agency's bulk collection of telephone metadata (e.g., phone numbers called and the time and duration of calls). Trump’s newly confirmed CIA head Mike Pompeo expressly called for a return to bulk collection of metadata as recently as January 2016. If Trump heeds this call and walks back USA Freedom Act protections, the administration could undermine the continued viability of the Privacy Shield.

Presidential Policy Directive-28 (PPD-28) also was a factor in the European Commission’s acceptance of Privacy Shield. Issued by President Obama in 2014, PPD-28 not only limited the purposes for which bulk signals intelligence can be used, but also acknowledged that “all persons should be treated with dignity and respect … [and] have legitimate privacy interests in the handling of their personal information.” 

Mr. Pompeo has argued that PPD-28 “undermines our intelligence capabilities in service of a novel cause: foreign privacy interests.” If Trump repeals PPD-28 – whether at Pompeo’s urging or to make good on his pledge to repeal “every single Obama executive order” – an essential foundational element of the Privacy Shield agreement would be lost.

Another critical element of the Privacy Shield is redress. The Safe Harbor agreement was invalidated in part because it failed to provide Europeans a right of redress for NSA surveillance that violated their privacy. Under the Privacy Shield, EU citizens have rights to redress – including judicial redress – for improper disclosure of their data. The Judicial Redress Act (JRA) of 2015, which extended to EU citizens the protections of the Privacy Act of 1974, was critical to European acceptance of the Privacy Shield.

Last month, with a stroke of the pen that could unsettle EU privacy watchdogs, President Trump issued an executive order directing that federal agencies craft their privacy policies to exclude non-US citizens from Privacy Act protections.

Notwithstanding the executive order, EU citizens will retain the Privacy Act protections granted by the JRA, including rights to judicial redress, because executive orders do not supersede statutes. Regardless, the administration’s decision to weaken privacy protections for non-US persons could be a sticking point for the Europeans when Privacy Shield comes up for review later this year.

Trump should tread cautiously. Privacy Shield bridges fundamental differences between US and EU approaches to data protection. Disturbing this tenuous deal could jeopardize the transatlantic data flows essential to the global economy.

Melanie Teplinsky teaches information privacy law at the American University Washington College of Law as an adjunct professor. She started her career in cybersecurity in 1991 as an analyst at the National Security Agency.

 
