Is Trump Endangering the EU-US Data Protection Agreement?
Adelina Marini, January 26, 2017
The first report for the year of the Commissioner for Justice, Consumers and Gender Equality Věra Jourová (Czech Republic, ALDE) to the responsible Civil Liberties, Justice, and Home Affairs Committee in the European Parliament was dominated by questions on whether the new American President Donald Trump can be trusted with keeping the reached as a result of much hard work data protection agreements between the USA and the EU. In her very opening statement Mrs Jourová set a tone of concern by pointing out that adhering to the agreements package is in the hands of the USA. This is about the Passenger Name Record (PNR) agreement and the Data Protection Umbrella agreement.
The Passenger Name Record agreement for trans-Atlantic flights was signed in 2012 and is a part of the joint effort of the EU and the USA to fight terrorism. Arguments surrounding its signing were quite heated in the EU, but an agreement was finally reached. In July of last year the Commission made a decision for the creation of a privacy shield between the USA and the EU. The purpose of the shield is to protect the fundamental rights of EU citizens whose personal data has been transferred to the USA, as well as provide legal certainty for businesses, who rely on data transfers across the Atlantic ocean. The document includes safeguard clauses regarding the access of the American government, security agencies included, to EU citizens’ data and equalisation of the rights of EU citizens with those of American ones.
Personal data exchange is treated by the umbrella agreement between the USA and the EU. One of its most important goals is providing guarantees that every transfer of personal data (names, addresses, criminal records, bank accounts) will require prior authorisation by the competent authorities in the country of origin; that the data will only be held for a certain period of time; that every citizen will have access to their own personal data (under certain conditions); a mechanism is put in place for notification in case of a security breach; equalisation of rights. The agreement is coming into force on February 1 of this year.
This became possible after the USA made the necessary designations for its enforcement. Up until now 7 bodies and state administrations have been designated, who will deal with the privacy shield, informed Věra Jourová. On the umbrella agreement, on January 17 the US Attorney General has signed for the creation of 4 federal agencies and 9 new divisions within existing federal agencies, such as the US Department of Homeland Security, the US Department of Justice, including the FBI. Up to date, 1700 companies have registered and the system is functioning well, reported Commissioner Jourová. “I now count on the new US administration to maintain the commitments that underpin the privacy shield. This includes keeping in place presidential policy directive number 28 which is a key foundation for the part of privacy shield addressing exceptional access to data for national security reasons. It also requires the continued effective functioning of the new ombudsperson”, stated the Czech Commissioner, adding that she will make an official visit to the USA in April to meet her colleagues and check on the implementation.
This was, however, not sufficient for the MEPs in the committee. During the discussion, which lasted a little over an hour and a half on Monday afternoon, Mrs Jourová was literally flooded with questions about whether the new American administration could be trusted. As was pointed out by the Liberal MEP from The Netherlands Sophie in 't Veld, it is unlikely that Trump will be “the new champion of data protection”. “The main obligations stay on the side of the US”, replied the Commissioner. She expressed hope that there will be continuity. “I also cannot foresee now or say that Mr Trump will be a champion and big defender of privacy of Europeans. So, I think nobody of us can foresee something like that”, she added.
In the end Věra Jourová wanted to be optimistic. She shared with the committee members that she had been assured by people “who understand the American situation” that Mr Trump is a businessman, who knows what is good and what is bad for business. “So he will probably check and assess the system from this perspective”, were her words. She promised that the first annual review of the functioning of the umbrella of agreements and the shield will not be a rosy picture, but will consist of nothing but the truth. Even if the American administration should veer in a direction, which is unwanted by the EU, the solution is simple, she assured – unilateral cessation of the agreements.
Věra Jourová informed that on January 10th the EC has presented a strategic approach to the international transfer of personal data and for the promotion of data protection standards worldwide. The main goal at this stage is brokering agreements with key partners like Japan and South Korea, who have recently modernised their legislation on personal data protection.
This, too, was met with scepticism. Sophie in 't Veld asked the rhetorical question how, having in mind the difficulties of negotiations with the USA, will the implementation of the correct standards be guaranteed. The initiative for an agreement about personal data with the USA was initiated by the European Parliament, which in a resolution of March 2009 requested such an agreement. In December of that same year the European Council mandated the Commission with proposing a recommendation for negotiations. In May of 2010 the EC proposed a draft of a mandate for negotiations, which began in March of 2011. The umbrella agreement was officially signed in June of last year.
Translated by Stanimir Stoev