Trump exec order won’t destroy Privacy Shield, says EU
30 January 2017 | 0
Fears that US President Trump has destroyed the Privacy Shield Transatlantic data transfer agreement with one of the many executive orders he has signed week are unfounded, the European Commission has said.
President Trump has signed an executive order entitled “Enhancing Public Safety in the Interior of the US,” one of several he has issued since taking office on 20 January. Such executive orders are used by US presidents to manage the operations of the federal government.
Like the “Border Security and Immigration Enforcement Improvements” executive order signed the same day, the public safety order seeks to repatriate foreigners who have either entered the US illegally or entered legally but overstayed or otherwise violated the terms of their visas.
To do that, law enforcers need to be able to track the foreigners concerned, but privacy laws can make it difficult for them to obtain the information necessary to identify them.
That is why Trump ordered US government agencies to “ensure that their privacy policies exclude persons who are not US citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”
There has been concern that the president’s move would have an impact on Privacy Shield. Guaranteeing privacy rights for foreigners’ data processed in the US was one of the requirements the European Union imposed on the US when negotiating Privacy Shield, the agreement that allows businesses to transfer the personal information of EU citizens to the US for processing. Such transfers are forbidden by EU privacy law unless the destination country provides privacy protection at least equal to that required in under EU law.
One EU legislator who had fought for the protections enshrined in Privacy Shield immediately criticised the president’s public safety order. Member of the European Parliament Jan Philipp Albrecht feared the order would undermine Privacy Shield and another EU-US privacy agreement, the so-called Umbrella Agreement, which is due to take effect next Wednesday.
“If this is true @EU_Commission has to immediately suspend #PrivacyShield & sanction the US for breaking EU-US umbrella agreement,” said Albrecht in a Twitter post.
But the fears of Albrecht and others are unfounded, said a Commission spokeswoman. Privacy Shield protects data of EU citizens that is transferred to the US but does not cover the privacy of data gathered in the US.
“The US Privacy Act has never offered data protection rights to Europeans,” she said. Privacy Shield does not rely on the Privacy Act, which covers data held by US agencies, not by private companies.
The Umbrella Agreement covers the exchange of personal information between US and EU law enforcers during the course of their investigations. However, it depends on a law appears to exclude Europeans from Trump’s executive order.
“To finalise this agreement the US Congress adopted a new law last year, the US Judicial Redress Act, which extends the benefits of the US Privacy Act to Europeans and gives them access to US courts,” the Commission spokeswoman said.
And since Trump only asked agencies to exclude Europeans from the Privacy Act “to the extent consistent with applicable law,” it seems that the protections of the Judicial Redress Act still apply.
The Commission remains vigilant. “We will continue to monitor the implementation of both instruments and are following closely any changes in the US that might have an effect on European’s data protection rights,” the spokeswoman said.
IDG News Service