Vera Jourova spent months working with the Obama administration on a
deal to protect Europeans from digital surveillance by U.S. spies. With a
new occupant now in the White House, the EU’s privacy czar says she’s
prepared to rip up the pact if the Americans don’t adhere to its terms.
“If there is a significant change, we will suspend” the accord, Jourova,
the European Union’s justice commissioner, said in a Bloomberg
interview. “I will not hesitate to do it. There’s too much at stake.”
The pact, clinched last year, was meant to keep data flowing across the
Atlantic while ensuring that Europeans enjoyed safeguards from the
snooping by American security services. The Privacy Shield plugged holes
that led EU judges to overturn a previous accord dating back to 2000,
and was greeted with relief by U.S. companies that process personal data
from billing details to messaging platforms.
At the end of March -- the exact date still has to be finalized -- the
former Czech regional development minister will travel to Washington to
meet with the administration of new U.S. President Donald Trump on the
privacy shield. Jourova said she’s hopeful she won’t have to suspend the
pact, but conceded that Trump’s unpredictability has raised concern
among European regulators.
“Unpredictability is a problem if you need to trust something,” Jourova
said, adding that she remains “vigilant” about the government’s stance.
The EU “expects continuity” and “I will want reconfirmation and
reassurances when I will go to Washington.”
In a sign of rising concern, the commission on Feb. 7 sought
clarification from the U.S. that EU citizens wouldn’t be affected by a
Jan. 25 executive order by Trump on Enhancing Public Safety in the
Interior of the U.S.
One section in the presidential order said that U.S. “agencies shall, to
the extent consistent with applicable law, ensure that their privacy
policies exclude persons who are not United States citizens” from the
U.S. Privacy Act “regarding personally identifiable information.”
In a letter to Jourova’s office dated Feb. 22, the Department of Justice
assured the EU of the U.S.’s continued commitment to the Privacy
Shield.
The letter was written by Bruce Swartz, deputy assistant attorney
general, who told Jourova that the U.S. government “looks forward to
working closely with the commission in the weeks and months ahead to
protect the privacy and security” of U.S. and EU citizens.
Wilbur Ross, the new Secretary of Commerce, offered some words of
encouragement when he addressed Department of Commerce staff March 1,
saying that “we must build on the hard work that many of you have done
in supporting Privacy Shield.”
Tim Truman, a spokesman for the U.S. Department of Commerce’s
International Trade Administration, declined to immediately comment
other than to highlight Ross’s statements. The Department of Justice
didn’t respond to a request for comment.
Still, “the disruptive political style of the new U.S. administration
fills anyone working in the field of privacy with concern,” said
Johannes Caspar, one of Germany’s most outspoken data protection
commissioners.
“You don’t need to gaze into a crystal ball to see that the air
surrounding the Privacy Shield is becoming thinner,” said Caspar, who is
the Hamburg privacy regulator.
What the last few weeks have shown is that “everything is possible now,”
according to Jan Philipp Albrecht, the European Parliament’s chief
negotiator on stricter EU privacy rules. The bloc’s new data protection
rules will from May 2018 give European data watchdogs the power to fine
companies as much as 4 percent of their global annual sales for
violations.
“There are some really dangerous announcements around that would
endanger cooperation, but which would also put at risk the possibilities
for business to operate as normal,” said Albrecht. “As soon as it’s
clear that any orders will change the legal protections for Europeans in
the U.S. system, the already widely criticized Privacy Shield, from a
European perspective, cannot be upheld. It’s a very fragile thing,” he
said.
“Unpredictability is a problem if you need to trust something,” Jourova
said, adding that she remains “vigilant” about the government’s stance.
The EU “expects continuity” and “I will want reconfirmation and
reassurances when I will go to Washington.”
In a sign of rising concern, the commission on Feb. 7 sought
clarification from the U.S. that EU citizens wouldn’t be affected by a
Jan. 25 executive order by Trump on Enhancing Public Safety in the
Interior of the U.S.
One section in the presidential order said that U.S. “agencies shall, to
the extent consistent with applicable law, ensure that their privacy
policies exclude persons who are not United States citizens” from the
U.S. Privacy Act “regarding personally identifiable information.”
Still, “the disruptive political style of the new U.S. administration
fills anyone working in the field of privacy with concern,” said
Johannes Caspar, one of Germany’s most outspoken data protection
commissioners.
“You don’t need to gaze into a crystal ball to see that the air
surrounding the Privacy Shield is becoming thinner,” said Caspar, who is
the Hamburg privacy regulator.
What the last few weeks have shown is that “everything is possible now,”
according to Jan Philipp Albrecht, the European Parliament’s chief
negotiator on stricter EU privacy rules. The bloc’s new data protection
rules will from May 2018 give European data watchdogs the power to fine
companies as much as 4 percent of their global annual sales for
violations.
“There are some really dangerous announcements around that would
endanger cooperation, but which would also put at risk the possibilities
for business to operate as normal,” said Albrecht. “As soon as it’s
clear that any orders will change the legal protections for Europeans in
the U.S. system, the already widely criticized Privacy Shield, from a
European perspective, cannot be upheld. It’s a very fragile thing,” he
said.
The EU-U.S. Privacy Shield was enacted in July, months after both sides
were forced back to the drawing board when the bloc’s top court annulled
a “safe-harbor” accord dating back to 2000 for failing to offer
sufficient safeguards. The new deal seeks to address concerns that
American spies had unfettered access to European citizens’ private data.
One upcoming test of whether the U.S. has stuck to its commitments will
be an annual joint review with the U.S. Department of Commerce.
While Jourova raised the possibility of pulling the deal, she first
pledged to “engage in dialog” if there are signs that “somebody isn’t
doing what he is committed to do.”
Isabelle Falque-Pierrotin, France’s data privacy regulator, said she was
hopeful that President Trump’s background in commerce would mean he
will be keen to preserve the pact.
“U.S. economic interests behind the shield are considerable too, so I
think that Mr Trump, who is a businessman after all, isn’t completely
oblivious to what’s at risk,” said Falque-Pierrotin, who’s also the head
of the group of EU privacy watchdogs.
If the shield is abandoned, companies that transfer data as part of
their day-to-day business would be thrown back into the legal limbo they
were in before the deal, forcing them to revert to other, less
straightforward data transfer tools.
“I don’t think it’s the aim of anyone in the EU, whether in the European
Commission, in the Parliament or in the member states, to cause
disruption to companies,” said Albrecht. “But there are certain actions,
if Trump or his administration take them, that will leave the EU with
no alternative than to take clear actions.”
Read more: If Trump Spoils Privacy Pact, We'll Pull It, EU Official Warns - Bloomberg