The Department of Commerce and the European Union held the first review of the EU-U.S. Privacy Shield this week, where the parties discussed methods for keeping consumer data private.
The Privacy Shield mandates transparency regarding how participating companies use personal data, strong U.S. government oversight, and increased cooperation with EU data protection authorities (DPAs). Participating companies must inform consumers about data processing, provide free and accessible dispute resolution, cooperate with the Commerce Department, maintain data integrity and purpose limitation, ensure accountability for data transferred to third parties, create transparency related to enforcement actions, and ensure that these commitments are kept as long as data is held.
More than 2,400 organizations, including Microsoft, Facebook, and Google, have joined the Privacy Shield.
President Donald Trump’s first immigration executive order said that agency regulations about the Federal Privacy Act no longer apply to persons outside the United States. This move raised red flags for proponents of the EU-U.S. Privacy Shield. The Federal Communication Commission’s (FCC) new privacy regulations also raised concerns for European consumers because the regulations limited the government’s control over data privacy rules for broadband providers.
“EU officials visiting Washington in April acknowledged that these events do not affect data transferred under the Privacy Shield and that the major elements of the framework were intact and working,” said Cameron Kerry, distinguished visiting fellow for governance studies at the Center for Technology Innovation at the Brookings Institution. “Nevertheless, they expressed concern about what one characterized as ‘background music’ that is making the annual review challenging.”
During the review, Privacy Shield participants shared information on framework compliance. Officials examined the administration’s enforcement of the Privacy Shield, including issues related to commercial and national security-related matters, and broader U.S. legal developments.
“The United States and the European Union share an interest in the Framework’s success and remain committed to continued collaboration to ensure it functions as intended,” said Commerce Secretary Wilbur Ross and EU Commissioner Vera Jourova in a joint statement on Sept. 20.
The White House also provided support for the review process and said that the shield has “noticeably improved” transatlantic data protection practices.
“We firmly believe that the upcoming review will demonstrate the strength of the American promise to protect the personal data of citizens on both sides of the Atlantic,” the White House said in a statement on Sept. 15. “Programs like the Privacy Shield and the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system enable the free flow of information, which sustains the nearly $1 trillion dollars in goods and services trade across the Atlantic, and even more around the globe.”