Posted by Sequel on January 30, 2017
Topic: blogs
Tags: Donald J. Trump, personal data, Privacy Act, privacy shield
Privacy Shield is Safe, for Now

On January 25, 2017, U.S. President Donald J. Trump issued an Executive Order titled “Enhancing Public Safety in the Interior of the United States.” One specific provision in the order has caused some concern among privacy professionals: the provision, titled “Privacy Act,” reads as follows:

Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information. 

Technology journalists have been scrambling to understand what this section means for the recently negotiated EU-U.S. Privacy Shield, a framework which enables the transfer of personal data of EU citizens to the U.S. for processing. Because Privacy Shield was negotiated to ensure that the privacy rights of EU citizens are adequately protected in the U.S., the weakening of privacy protections for non-U.S. citizens has the potential to threaten the vitality of the framework and prompt EU lawmakers to suspend Privacy Shield if the U.S. can no longer ensure that EU citizens will receive adequate privacy protection.

In spite of the initial hubbub, a spokesperson for the European Commission has confirmed that Privacy Shield does not rely on the protections circumscribed by the President’s Executive Order. Nonetheless, the episode is a valuable reminder that businesses engaging in cross-border data processing face a legal landscape that is frequently shifting. The best way for businesses to guard against this uncertainty is to ensure that they have made contractual arrangements with their European partners that provide for specific privacy-related measures. Because participation in Privacy Shield is voluntary, working out the legal logistics of data protection by direct contractual arrangements can help businesses avoid the headache of Privacy Shield altogether—including the effects of any further executive action that might disrupt Privacy Shield.

Comments are closed.