If Trump Spoils Privacy Pact, We'll Pull It, EU Official WarnsBy
Vera Jourova says she won’t hesitate to suspend privacy shield
Privacy czar gives interview before meeting new administration
Vera Jourova spent months working with the Obama administration on a deal to protect Europeans from digital surveillance by U.S. spies. With a new occupant now in the White House, the EU’s privacy czar says she’s prepared to rip up the pact if the Americans don’t adhere to its terms.
“If there is a significant change, we will suspend” the accord, Jourova, the European Union’s justice commissioner, said in a Bloomberg interview. “I will not hesitate to do it. There’s too much at stake.”
The pact, clinched last year, was meant to keep data flowing across the Atlantic while ensuring that Europeans enjoyed safeguards from the snooping by American security services. The Privacy Shield plugged holes that led EU judges to overturn a previous accord dating back to 2000, and was greeted with relief by U.S. companies that process personal data from billing details to messaging platforms.
At the end of March -- the exact date still has to be finalized -- the former Czech regional development minister will travel to Washington to meet with the administration of new U.S. President Donald Trump on the privacy shield. Jourova said she’s hopeful she won’t have to suspend the pact, but conceded that Trump’s unpredictability has raised concern among European regulators.
“Unpredictability is a problem if you need to trust something,” Jourova said, adding that she remains “vigilant” about the government’s stance. The EU “expects continuity” and “I will want reconfirmation and reassurances when I will go to Washington.”
In a sign of rising concern, the commission on Feb. 7 sought clarification from the U.S. that EU citizens wouldn’t be affected by a Jan. 25 executive order by Trump on Enhancing Public Safety in the Interior of the U.S.
One section in the presidential order said that U.S. “agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens” from the U.S. Privacy Act “regarding personally identifiable information.”
In a letter to Jourova’s office dated Feb. 22, the Department of Justice assured the EU of the U.S.’s continued commitment to the Privacy Shield.
The letter was written by Bruce Swartz, deputy assistant attorney general, who told Jourova that the U.S. government “looks forward to working closely with the commission in the weeks and months ahead to protect the privacy and security” of U.S. and EU citizens.
Wilbur Ross, the new Secretary of Commerce, offered some words of encouragement when he addressed Department of Commerce staff March 1, saying that “we must build on the hard work that many of you have done in supporting Privacy Shield.”
Tim Truman, a spokesman for the U.S. Department of Commerce’s International Trade Administration, declined to immediately comment other than to highlight Ross’s statements. The Department of Justice didn’t respond to a request for comment.
Still, “the disruptive political style of the new U.S. administration fills anyone working in the field of privacy with concern,” said Johannes Caspar, one of Germany’s most outspoken data protection commissioners.
“You don’t need to gaze into a crystal ball to see that the air surrounding the Privacy Shield is becoming thinner,” said Caspar, who is the Hamburg privacy regulator.
What the last few weeks have shown is that “everything is possible now,” according to Jan Philipp Albrecht, the European Parliament’s chief negotiator on stricter EU privacy rules. The bloc’s new data protection rules will from May 2018 give European data watchdogs the power to fine companies as much as 4 percent of their global annual sales for violations.
“There are some really dangerous announcements around that would endanger cooperation, but which would also put at risk the possibilities for business to operate as normal,” said Albrecht. “As soon as it’s clear that any orders will change the legal protections for Europeans in the U.S. system, the already widely criticized Privacy Shield, from a European perspective, cannot be upheld. It’s a very fragile thing,” he said.
The EU-U.S. Privacy Shield was enacted in July, months after both sides were forced back to the drawing board when the bloc’s top court annulled a “safe-harbor” accord dating back to 2000 for failing to offer sufficient safeguards. The new deal seeks to address concerns that American spies had unfettered access to European citizens’ private data.
One upcoming test of whether the U.S. has stuck to its commitments will be an annual joint review with the U.S. Department of Commerce.
While Jourova raised the possibility of pulling the deal, she first pledged to “engage in dialog” if there are signs that “somebody isn’t doing what he is committed to do.”
Isabelle Falque-Pierrotin, France’s data privacy regulator, said she was hopeful that President Trump’s background in commerce would mean he will be keen to preserve the pact.
“U.S. economic interests behind the shield are considerable too, so I think that Mr Trump, who is a businessman after all, isn’t completely oblivious to what’s at risk,” said Falque-Pierrotin, who’s also the head of the group of EU privacy watchdogs.
If the shield is abandoned, companies that transfer data as part of their day-to-day business would be thrown back into the legal limbo they were in before the deal, forcing them to revert to other, less straightforward data transfer tools.
“I don’t think it’s the aim of anyone in the EU, whether in the European Commission, in the Parliament or in the member states, to cause disruption to companies,” said Albrecht. “But there are certain actions, if Trump or his administration take them, that will leave the EU with no alternative than to take clear actions.”
— With assistance by David Rocks