Trumping Privacy Shield

Trump Effect Privacy ShieldThose opposed to government mass surveillance are confronting the double whammy of a Trump administration being in command of the immensely powerful NSA. With the Presidency and both Houses of Congress in alignment, alarm bells are clanging in some segments to the tune of "A madman has been given the keys to the surveillance state."

Getting little mainstream attention, but lots of fervent discussion in some circles, are questions and concerns about Trump's intentions toward encryption and surveillance. Then there are the even less prosaic topics of privacy and Privacy Shield.

Trump's nominee for Secretary of Commerce is putting the latest scare into businesses that rely on Privacy Shield to facilitate the free flow of data between the US and Europe. At the same time as the Electronic Privacy Information Center (EPIC) was sending a letter to the new administration asking for stronger privacy protection, Wilbur Ross was hedging on a commitment to the deal.

The president of EPIC asked for stronger safeguards, warning that current surveillance practices pose a risk that Privacy Shield will collapse and devastate much of the internet economy. But Ross said "The agreements that exist obviously exist, but I think going forward there will be a tension between privacy on one hand and problems of localization and data and the implications that they have for the internet as we go forward."

This summer will see Privacy Shield's first annual review, jointly conducted each year by the European Commission and the U.S. Department of Commerce. If the ongoing reviews ever determine that Privacy Shield is not providing adequate protection, the European Commission can suspend it.

Privacy Shield is already facing several legal challenges in EU courts regarding American surveillance activity. Also being contested is the validity of Binding Corporate Rules and Model Clauses.

Vera Jourova, EU Justice Commissioner and a driving force behind Privacy Shield's implementation, intends to assess the Trump administration's commitment to the policies that support the Privacy Shield framework. She will visit the US to evaluate the new government's intent to adhere to commitments regarding US surveillance and law enforcement, that made the last minute adoption of Privacy Shield possible.

Jourova is explicitly qualified to make that assessment because she devised the last ditch plan to save Privacy Shield, which was already past its official January 31, 2016 deadline. Ultimately, Privacy Shield came into being based on letters by officials in the Obama administration, giving assurances that satisfied EU requirements. Those letters are annexes to the law that forms the legal basis for the Privacy Shield in the EU.

The letters' underlying support is President Obama's 2014 Presidential Policy Directive 28 (PPD-28) declaring that "all persons should be treated with dignity and respect regardless of their nationality or wherever they might reside, and all persons have legitimate privacy interests in the handling of their personal information." 

As the President-elect declares his intend to revoke his predecessor's executive orders, fears for the ongoing existence of Privacy Shield are mounting. And in fact, the just-cancelled TPP contained provisions, now lost, that protected the free flow of data across borders. There is bipartisan support for keeping PPD-28 in place, and Republican Congressman James Sensenbrenner recently sent a letter to then President-elect Trump urging him to retain it.

Snowden predicts that Trump's election will result in the death of Privacy Shield. The new President's attitudes toward electronic surveillance and bulk data collection cannot help but endanger Privacy Shield and the free flow of data across the Atlantic.