The Changing Landscape of EU/US Privacy and Data Protection


Privacy and data protection was the object of significant focus at Europe-ATP’s conference, held in Lisbon, this fall. Conference delegates heard from keynote speaker Dr. Hielke Hijmans, Special Advisor to the European Data Protection Supervisor who spoke on the topic of reforming the EU rules on privacy and data protection. Also at the Conference, ATP’s Legislative Counsel, Alan Thiemann engaged with Dr. Hijmans in a discussion on EU/US privacy, which explored the changing landscape of privacy.

Thiemann gave an overview of the current state of affairs and how it has unfolded in recent months: “For more than a decade, the European Union has had a somewhat different view of consumer privacy than has existed in the United States.  Since 2000, the U.S.-EU Safe Harbor Framework has provided an important mechanism for U.S. companies to transfer data from Europe to the United States consistent with the 1995 EU Data Protection Directive.  However, in October 2015, the EU Court of Justice invalidated that agreement and US companies had to consider how to operate without the Safe Harbor.  At the same time, the EU has updated its privacy legislation by enacting the 2016 General Data Protection Regulation that will become effective in May 2018.   Early in 2016, the US Congress adopted helpful legislation granting new protections to EU citizens and in the summer of 2016 the US and the EU finalized a new approach to bilateral privacy between the US and the EU – the so-called Privacy Shield.”

Since the fall meeting, however, both an Irish privacy advocacy group, Digital Rights Ireland, and the French advocacy group, La Quadrature du Net, have filed legal challenges to the new Privacy Shield alleging that it does not contain adequate privacy protections for European citizens. According to news reports it may be a year or more before the court rules on the case.

The Privacy Shield seeks to strengthen the protection of Europeans whose data is moved to U.S. servers by giving EU citizens greater means to seek redress in case of disputes, including through a new privacy ombudsman within the State Department who will deal with complaints from EU citizens about U.S. spying.

Officials at the U.S. Department of Commerce - which negotiated the pact for the United States - reportedly knew a legal challenge was a possibility and are now monitoring the challenges.

According to Thiemann, “These groups are alleging that the U.S. Ombudsman, which is supposed to be the independent entity to resolve complaints over U.S. intelligence gathering, is not truly independent because it is under the U.S. State Department. However, both cases might not be allowed if the court rules that these public groups lack standing to raise the issues -- because they are not directly affected (as compared with individuals),” More details can be found in the accompanying article.”

At this point more than 500 US companies have signed up for the Privacy Shield and the Department of Commerce is processing more than 1000 more self-certification applications.

[Click here for the November 2, Technology News article: