On March 2, 2017, Věra Jourová – the Justice on the European Commission tasked with “Consumers and Gender Equality” recently raised a vague concern as to whether the Privacy Shield could withstand President Trump’s recent immigration executive order. She said “If there is a significant change, we will suspend”. This minimalist threat, however, seems more like an attempt to play up her visit to the White House in late March.
Privacy Shield is the data-transfer agreement negotiated by the United States and the European Union in February 2016 that is now relied upon by many international firms transferring and maintaining personal data between the EU and US. Given that it was a court challenge that ultimately gave rise to Privacy Shield, it will always be subject to threat from legal action. In fact, the ACLU and Human Rights Watch has already tried to stir the pot by sending a letter to the EU Commission after Trump’s recent executive action on immigration. It is not clear why the American Civil Liberties Union would care about the privacy rights of those in the EU but that is left for a separate discussion.
To nip all of this in the bud, on February 22, 2017, Acting Federal Trade Commission Chairman Maureen Ohlhausen previously said that the immigration order would not in any way affect the FTC’s enforcement of the Privacy Shield given that order does not impact commercial activity. To that end, Commissioner Jourová also previously said she was “not worried” but remained vigilant regarding the order.
There are lawyers who believe that Privacy Shield may be in play due to the President’s activities. For example, Aaron Tantleff of Foley & Lardner LLP is reported as saying “certain actions being taken by this administration could lead to the suspension of Privacy Shield. We may leave the EU Commission and Parliament with no choice.” Such vague missives may be good at percolating new business but do not represent a pragmatic perspective regarding Privacy Shield’s real threat.
Given the now entrenched nature of Privacy Shield and the vested interest EU and US business interests have in its continued implementation, it appears only another judicial blow based on the lack of data security will derail it – requiring the same sort of EU court ruling based on NSA data collection that ultimately cut down the predecessor Safe Harbor rules in the first place. Simply put, until the new Administration’s activities adversely impact the security of personal data by mass collecting data or forcing companies to compromise data security features there is not much to worry about.