Trump signs executive order stripping non-citizens of privacy rights (updated)
The six month-old Privacy Shield agreement between the US and EU is now in jeopardy.
With a stroke of his pen, the president just potentially invalidated a transcontinental data flow agreement between the US and EU which took years to negotiate.
The US-EU Privacy Shield agreement is an authorization framework which enables companies to transfer the personal data of Europeans to the US while ensuring that the companies operate within compliance of Europe's more stringent privacy laws. It effectively ensured that European personal data -- that is, any such data originating from the EU, not just that of EU citizens -- would be protected to the standards that the EU demands -- whether the data is sitting on a server in Paris, France or Paris, Texas.
More than 1,500 companies including Apple, Google and Microsoft had agreed to abide by the Privacy Shield agreement, which requires the US Department of Commerce to ensure that American companies are operating in compliance. It took the place of the earlier Safe Harbor agreement, which the European Court of Justice ruled ineffective and invalid after the Snowden leaks came to light in 2013.
This agreement -- as well as the legal ability for US companies to serve European customers -- in now in very real danger of unravelling. And it's all thanks to an Executive Order that Trump signed earlier this week. Specifically, it's Section 14, which reads:
Privacy Act. Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.
Enforcing privacy policies that specifically "exclude persons who are not United States citizens or lawful permanent residents," while aimed at enhancing domestic immigration laws, effectively invalidates America's part of the Privacy Shield agreement, opens the current administration up to sanctions by the EU and could lead our allies across the Atlantic to suspend the agreement outright.
.@EU_Commission : If adequacy is no longer guaranteed, we will have to suspend the #PrivacyShield #cpdp2017
— Laura Kayali (@LauKaya) January 25, 2017
If that happens, things are going to get really uncomfortable for US companies trying to do digital business in the EU. Without that authorization framework in place, these companies will be forced to operate in a legal grey zone making it far more difficult for them to serve their European clients.
Update: The European Commission has issued a response to Trump's executive order, which can be seen below.
Full statement of @EU_Commission on #PrivacyShield and US/EU umbrella agreement pic.twitter.com/jjZOej1ny1
— Laura Kayali (@LauKaya) January 26, 2017
