EU Parliament's Albrecht says US politics cause nervousness, uncertainty in future of Privacy Shield

Statue of Liberty with EU Flag

July 19, 2017. By Adam Sigal.

Difficulty getting answers from the Trump administration due to appointee vacancies is causing uncertainty and nervousness among European officials over the future of the EU-US Privacy Shield, an EU Parliament member said Wednesday in Washington.

Jan Philipp Albrecht of Germany, vice chairman of the European Parliament's Committee on Civil Liberties, Justice and Home Affairs, made his comments at an event* that followed meetings with US government officials ahead of an August review of the trans-Atlantic data agreement.

The Privacy Shield is an agreement between the US and EU to ensure that governments and companies comply with privacy protection requirements when transferring data between countries.

Albrecht said that the Obama administration and Congress put forward specific programs and acknowledgements for protections of EU citizens and their privacy rights, but that it is not clear to the political leadership of the EU what will remain in place with President Donald Trump in the White House.

"The uncertainty coming with the new administration is making Europeans nervous," he said. "It is unclear if the level will be maintained on the US side. At the moment this is what we are insisting on."

When asked, Albrecht said that some Trump executive orders have led to "more nervousness."

He added that his delegation has been prevented from receiving "straight answers" because many US political appointee posts remain vacant. 

Privacy Shield review

Albrecht said that his delegation will continue to press the US to do better and make improvements to the Privacy Shield during the first annual review.

"There needs to be further fixing in the annual review," he said. He said that in his view the EU compromised on some points in order to get the initial agreement, and he believes the US must now be pushed further on some issues.

The EU Parliament member raised concerns that the agreement currently may not sufficiently meet European Court of Justice requirements, but he said that changes would bring it within the requirements.

"It was already a very hard compromise to get it accepted," Albrecht said. "Many of us in the EU knew that it wasn't sufficient legally" but approved the agreement in order to get a framework in place.

Congress is also considering changes to Section 702 of the Foreign Intelligence Surveillance Act that would impact the United States' commitments under the agreement. Congressional changes to the FISA provision would likely be concluded after the August review of the Privacy Shield.

"If there is any change which is diminishing the safeguards under the agreement, it will be very difficult" to keep the agreement in place, Albrecht said.

The review could also be impacted by events in a case currently before the European Court of Justice filed by Max Schrems, who successfully challenged the sufficiency of protections in the prior Safe Harbor agreement.

Schrems is now challenging the Privacy Shield on the same grounds. Albrecht described the pending litigation as a "big uncertain question."

The EU official said that there is a preliminary decision by a general advocate due in the case at the end of July. Though not a final ruling by the court, he said it could impact the annual review by influencing delegations' thinking on what an adequate protection is, or what safeguards should be in place.

UK agreements post-Brexit

Albrecht also mentioned the subject of the UK reaching a post-Brexit agreement with the EU on data flows.

"I have to say that if something is more uncertain than what is coming out of this new [US] administration, it would be Brexit. It is completely unclear where we are headed here," he said.

Albrecht said that if the UK agrees to stay in the single market it would require a continued adoption of the privacy regime current in place. Or there could be nothing in place, he said, causing significant disruptions and limited options for the cross-border transfer of personal data.

A third possibility, he said, would be UK data protections receiving an adequacy decision from the EU.

"Many people think [an adequacy determination] is easy to find, but I don't think it's so," Albrecht said.

He pointed to a recent determination by the US Department of Justice that questioned whether US citizens have enough protections under UK surveillance laws.

"The UK should be very concerned" about meeting adequacy under the EU standards, he said.

"Either there is a clear change in approach [by the UK leadership], which I don't see at the moment, or one should clearly push for the UK to stick to the single market," he said.

Trade agreements

While the recently concluded EU-Japan free trade agreement did not include a chapter on data protection or commerce, Albrecht said he was open to including one in future trade deals.

"Data protection is a fundamental right," Albrecht said, but that doesn't mean it must be enshrined in a trade agreement.

"It's an issue we should do in standards agreements, in international law," he said. "What is important in a free trade agreement is to ensure the free flow of services."

Albecht said that it was not important to put data protections into an agreement with Japan because of recent privacy legislation in Japan, describing those rules as "a good situation" that provides "adequate protection."

In the future there may be a situation where the EU will be required to include rules addressing data localization or privacy requirements in a trade agreement, he said.

*Trans-Atlantic data flows: The view from Europe. Brookings Institution. Washington, DC, July, 19 2017.

Countdown to the GDPR