The EU/US Privacy Shield under President Trump
An Executive Order signed by President Trump in late January, curtails data privacy protection which had been extended to foreigners during the Obama administration. The Executive Order is aimed at enhancing domestic enforcement of U.S. immigration laws and ensures that the privacy policy of U.S. agencies excludes persons, who are not U.S. citizens or lawful permanent residents, from the protection of the Privacy Act regarding personally identifiable information.
At this stage, it is not clear how damaging the policy change might be to the continued functioning of Privacy Shield. However, the Trump administration’s policy of enhancing public safety within the United States, certainly looks likely to deepen concerns about the legal robustness of the EU-US data transfer mechanisms, given it’s explicitly seeking to strip away privacy protection from non-U.S. citizens – quite the opposite of what the European Commission was intent on achieving. If adequate protection for EU personal data can no longer be guaranteed, then a suspension of the Privacy Shield is likely and this does not bode well for easy data flows between Europe and the U.S., as it would otherwise give U.S. government agencies ready access to European citizen’s data.
The aim of Privacy Shield was to provide a streamlined mechanism authorizing EU-US personal data Transfers, while adhering to EU privacy law. The new administrations priority on controlling immigration and strengthening homeland security suggest, that the U.S. is pulling in a very different direction.
It is quite clear that intelligence gathering must include accessing protected personal data (PROTINT), but only when there is sufficient cause and integrity of motive. The methods must be proportionate, transparent and regulated and should be a last Resort, rather than what seems to be emerging under the Trump administration.
The consequences of this shift in policy for European companies are clear. They must work under the assumption, that data stored in the U.S. is liable to be accessed proactively and should seek to manage the problem by retaining sensitive and personal data within the European Union. Information security starts at home!
Disclaimer: Assessments of security situations are based on the information available at the time specified and assessed as trustworthy by German Business Protection (GBP). Although the compilation of the information was handled with extreme care, GBP cannot be made responsible for the timeliness, accuracy or completeness of the article. In no event GBP can be held responsible for any damage of any kind arising from the use of the information provided here, whether direct or indirect or consequential damages, including lost profits. Hazardous situations are often confusing and can change rapidly.