Moves by the Trump administration to roll back key internet privacy rules have spooked the European Union over the stability of the Privacy Shield agreement.
Last week, the European Parliament voted on a resolution asking the European Commission, the E.U.’s executive arm, to ensure that the Trump administration will guarantee safeguards for the protection of Europeans’ data. The parliament is also requesting access to documents showing how the U.S. authorities are enforcing Privacy Shield on their end.
Privacy Shield is an agreement allowing the transfer of data between Europe and the U.S. It will undergo its first annual review in September. The pact replaces the old Safe Harbor, which was invalidated by European courts in 2015.
The Commission needs to examine whether “the protection of personal data in the United States is really adequate in comparison to E.U. data protection law,” said German MEP Jan Philipp Albrecht, who voted in favor of the resolution.
“It’s also clear that if such an analysis brings up that it isn’t adequate, this decision on Privacy Shield needs to be suspended.”
Privacy Shield is already on shaky ground. It’s currently involved in two lawsuits that challenge its efficacy in protecting Europeans from surveillance abuses as well as the independence of a U.S. ombudsperson in charge of handling complaints.
The U.S. never took the Privacy Shield negotiations seriously, claimed Joe McNamee, executive director of EDRi, a digital rights group.
“The U.S. now expects the E.U. to have unending patience with and blindness to non-respect of the deal,” he said. McNamee added that, while it may be unlikely that the Commission will act, Privacy Shield will most likely be overturned by the European Court of Justice, much like Safe Harbor.
The Trump administration’s stance on online privacy has become a concern in Europe. January’s executive order excluding non-citizens from the Privacy Act regarding personal identifying information and the changes to National Security Agency rules that allowed sharing data among agencies all raised alarm. The recent changes to internet providers’ rights for selling consumer data to third parties haven’t instilled much confidence, either.
“The privacy destruction rules recently adopted give a very clear view of the administration’s view of the right of citizens to control their own data and how seriously assurances to the contrary should be taken,” said McNamee.
A spokesperson for the European Commission told the Daily Dot that E.U. Justice Commissioner Věra Jourová was promised by Secretary of Commerce Wilbur Ross that Privacy Shield will be upheld when she visited Washington, D.C., recently. The Department of Commerce, which was involved in negotiating the deal, did not respond to requests for comment.
The European Parliament’s resolution also took issue with the U.S. not appointing a new ombudsperson to oversee Europeans’ complaints. Currently, the duties are handled by acting Assistant Secretary Judith Garber, who was delegated the authority of Under Secretary for Economic Growth, Energy and the Environment, which includes Privacy Shield.
“This information was confirmed to Ms. Jourová when she visited Washington, D.C., two weeks ago,” said Commission spokesperson. “On the other hand, this wasn’t widely known in Europe. You can say that Commissioner Jourová’s visit to D.C. has helped to clarify it.”
With the lifting of Trump’s federal hiring freeze this week, a permanent ombudsperson could potentially be appointed. The State Department did not respond with comment by publication time.
However, adding to the Parliament’s concerns, the independence of a U.S. ombudsperson to handle complaints from E.U. citizens has been regularly called into question.
“There should be an ombudsperson overseeing the complaints,” said Albrecht, “but of course it was clear already last October when the Commission adopted this decision that this is not really an independent judicial review, which the Court of Justice has asked [for] and I think that should still be improved.”