News Archives

Wednesday, August 29, 2018

Obstacles in Second Annual Review of Privacy Shield

On July 4th, the EU Parliament called for the suspension of the of EU-US Privacy Shield framework if a number of deficiencies in US compliance with its commitments were not remedied by September 1st.  As the second annual EU-US review of the framework, slated for October, draws closer, it is worth considering the obstacles the two parties will need to contend with.  

Here are a half-dozen major concerns the Europeans have: 

1. The failure of the US to have a functional Privacy and Civil Liberties Oversight Board (PCLOB) in place.  While President Trump finally nominated two individuals to the Board on August 7, the US Senate has failed to move forward with the nominations. Earlier in the summer a coalition of major tech companies urged governmental action on the issue.  In late August, a coalition of 31 privacy groups pressed the Senate to act without delay, while Cameron Kerry, former General Counsel and Acting Director of the Department of Commerce, wrote in Lawfare that “The status of the PCLOB is the biggest issue in the annual review underway of the Privacy Shield framework”, adding that “The European Commission counted heavily on independent PCLOB oversight of intelligence surveillance in initially approving the Privacy Shield and, in its first review last year, called for ‘swift appointment of the missing members’ before the next review.” 

2. The refusal of the Trump administration to make public even unclassified portions of a 2014 PCLOB report on NSA surveillance completed for President Obama in December 2016, which prompted an ACLU FOIA request on July 12 that notes the importance of the report’s release to the EU for the Privacy Shield review.

3.  Adding additional fuel to this fire was the May 4 report in the New York Times that the NSA had tripled its collection of data from US phone companies and the August 13 report of the Inspector General of the NSA, which detailed numerous privacy concerns with the agency’s open source intelligence collection process.

4.  The failure of the Trump administration to appoint the permanent and independent Ombudsperson called for under the Privacy Shield framework.

5. Revelations concerning massive abuses of personal information by Facebook and Cambridge Analytica, even though both were participants in the Privacy Shield framework.

6. Concerns about the newly-enacted CLOUD Act creating potential conflicts with EU data protection laws.

As far as is known, the US has no complaints with Europe about the operation of Privacy Shield; the complaints all run the other way.   How tolerant the EU will be of the US failure to live up to its Privacy Shield commitments remains to be seen.

No comments:

Post a Comment