European lawmakers will now consider effectiveness of privacy arrangement as the US Congress opts to unwind domestic commitments to protect consumer data
European Commissioner Vera Jourová is travelling to Washington DC this week to discuss cooperation with the Trump administration in areas such as the EU-US Privacy Shield, which is coming under sustained scrutiny on both sides of the Atlantic.
The Privacy Shield had been devised to set out clear safeguards and transparency obligations for US-based organisations processing data from EU citizens, ensuring their rights with regard to confidentiality in the United States, impacting technology functions across the public and private sector. Although there are other mechanisms available to use, the arrangement is seen as streamlining many key considerations around data handling.
The commissioner is expected during her trip to provide a keynote speech on transatlantic data flows. At the same time as EU and US authorities are pushing for further overhauls of their policies on information management and privacy - thought not necessarily in the same direction.
The European Parliament's Civil Liberties, Justice, and Home Affairs Committee (LIBE Committee) has reportedly leaned in favour of a draft resolution that argues that the Privacy Shield arrangement, although barely a year old, was inadequate. The draft resolution is now expected to be put before the plenary of the European Parliament either next month or in May for discussion.
According to the commission, around 1500 companies have now subscribed to the Privacy Shield, which faces a first ever annual review that will be jointly conducted by US authorities and members of the commissions. This will include input from the Article 29 Working Party of European data protection authorities including the UK Information Commissioner's Office (ICO).
While the Privacy Shield has been devised to replace the 'Safe Harbour' transfer arrangement that was invalidated by the European Court of Justice (CJEU) in 2015, critics have complained about a need for stronger safeguards to prevent similar legal difficulties.
Ireland's High Court, at the behest of the country's Data Protection Commissioner (DPC), is still to take a decision on whether to refer a decision on the validity of standard contractual clauses (SCCs) such as the Privacy Shield to the Court of Justice of the EU.
Meanwhile, the US' own obligations under the Privacy Shield are also uncertain at present. The country's House of Representatives and Senate are now set to roll back regulations restricting the sale of information the country's internet service providers hold on customers with regards to details like their browsing history.
According to the Los Angeles Times, Federal Communications Commission (FCC) regulations had required customers to give permission to internet service providers in order to disclose sensitive, highly personal information such as their app use or browsing history. However, these regulations are expected to be repealed, if backed by President Trump, raising concerns from campaigners about the US' commitments to national and global privacy conventions.
Dr Gus Hosein, executive director for Privacy International, has argued that Congress was rolling back domestic internet privacy commitments that could undermine the country's reputation for handling or transferring information.
"The fact that both Congress and the White House are abandoning the essential safeguard against having your browsing history sold to marketing agencies foreshadows increasing conflict between legal regimes across the world," said Hosein. "How can consumers globally have confidence in the security of their data being kept in the U.S. when the government is so keen to strip away rights of everyone with such ease?"
In January, UK data regulator the ICO said an executive order introduced by President Trump that backed revoking protections in the country's Privacy Act for information held by the state on non-US was not expected to have a direct impact on the EU-US Privacy Shield. In particular it was argued that the US Privacy Act had not been devised to offer data protection rights to European citizens.
However, the new administration's ongoing changes with regard to domestic data protection commitments are expected to form part of the Privacy Shield's upcoming annual review, as well as the agenda of Commissioner Jourová's current visit to the US.