Software Industry Sees Privacy Shield Working as Intended
The EU-U.S. Privacy Shield is working as intended, American software industry groups told us, and companies expect the program to be extended at the end of the current review, as do some in Europe (see 1810170028). A privacy advocate also expects extension but warned officials are avoiding the bigger issue -- lack of cohesion between U.S. and EU surveillance laws. Two other privacy advocates expect the FTC’s ongoing Facebook-Cambridge Analytica probe to heavily influence negotiations pending EU recommendations for the agreement.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
The Software & Information Industry Association expects FTC Chairman Joe Simons to defend the Privacy Shield with statistics about the agency’s enforcement actions since the program’s inception, like he did in Brussels (see 1810180041). The FTC has a strong enforcement record in this regard, while the EU lacks statistics on general data protection regulation enforcement actions, said SIIA Senior Director-International Public Policy Carl Schonander. EU chief data privacy regulator Andrea Jelinek told the Senate Commerce Committee recently that EU regulators have opened some 270 GDPR-related cases since Oct. 1 (see 1810100066).
Schonander and BSA|The Software Alliance Director-Policy Shaundra Watson cited other positive developments for the PS: the Senate’s recent confirmation of three nominees for the Privacy and Civil Liberties Oversight Board (see 1810120003) and the State Department naming an acting PS ombudsperson (see 1810190053). SIIA would prefer a Senate-confirmed undersecretary as ombudsperson, Schonander said. Commerce Secretary Wilbur Ross and EU Justice Commissioner Vera Jourova recently urged a permanent political appointment (see 1810190053), citing the program’s significant growth. “There is no indication the framework is not working,” Watson said, saying the shield provides an effective mechanism to address privacy concerns.
Access Now Senior Policy Analyst Estelle Masse said the ombudsperson is inadequate for providing protection equivalent to EU law, but the position is essential for the agreement's continued viability. The position has been vacant since January 2017, she noted: “The U.S. administration has blatantly disregarded what has repeatedly been identified by the EU as a main priority for the functioning of the Privacy Shield.” Appointing a permanent person to the position is the “easiest” task the administration could complete to “confirm its commitment to the arrangement,” she said.
U.S. and EU officials are more interested in applying window dressing than fixing the broken window of friction between U.S. surveillance practices and EU courts, said Constitution Project Senior Counsel Jake Laperruque. Congress didn’t address European concerns during Foreign Intelligence Surveillance Act reauthorization, he said, and legal challenges are working their way toward the EU high court.
The Facebook-Cambridge Analytica probe will be a meaningful point of contention, World Privacy Forum Executive Director Pam Dixon said, especially since the FTC might be analyzing a second Facebook breach (see 1810050043). EU officials won't simply rubber stamp the agreement, Dixon said. She asked if it's possible for platforms to get a handle on data privacy given the firms' size and the variables involved.
It's important for EU officials to get details on the FTC’s Facebook probe because both the company and Cambridge Analytica were certified under the Privacy Shield, Masse said. “We expect more control and oversight from the FTC, not only reactive actions.”