US, EU Pleased With Privacy Shield Review; Experts Expect Mostly Smooth Sailing
Teams from the U.S. and EU concluded the first annual review of the Privacy Shield agreement Wednesday, with a report expected in October that may influence changes though overall experts still see mostly smooth sailing. "Discussions over the past days were fruitful," European Justice Commissioner Vera Jourová said in a Thursday statement. "The Privacy Shield can be a win-win for the EU and the US, if implemented correctly." She said the U.S. administration showed its commitment to the framework and European concerns. The two-day joint review meetings ended with a phone call between her and Commerce Secretary Wilbur Ross, a spokeswoman said.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
More than 2,500 U.S. businesses have self-certified with the framework as of Thursday, committing to PS principles and implementing processes that would protect personal data. "The review examined all aspects of the administration and enforcement of the Privacy Shield, including commercial and national-security related matters, as well as broader U.S. legal developments," said an EU-U.S. statement. "Participants also discussed their respective work to implement the Privacy Shield program during its inaugural year, recognizing the value of regular communication between U.S. and EU authorities." The statement said the framework "raised the bar" for data protection.
The main takeaway appears that the EU delegation was "pretty pleased with the U.S. presentation and implementation," and especially how well prepared the U.S. government and industry speakers were, said Computer & Communications Industry Association Senior Policy Counsel Bijan Madhani. As expected, the Europeans again raised concerns about the lack of a quorum with the Privacy and Civil Liberties Oversight Board, and its sole member Elisebeth Collins, a Republican, gave a presentation, Madhani said. He said the EU had questions about where implementation can be improved.
"I expect those implementation concerns will make it into the report and influence how Commerce administers the program, and we'll continue to see pressure on the Administration to nominate more PCLOB board members," Madhani emailed. He said European data protection authorities, present at the review, could issue a corollary report. Dan Caprio, who worked at the FTC and Commerce and is now chairman of cybersecurity consulting company Providence Group, thinks it went well and both sides are invested in the framework’s success. “Nothing to fall back on,” he added.
London-based Cordery attorney Jonathan Armstrong said both sides said it went well and they "want to sound upbeat." He emailed that Jourová expressed concern about vacancies with the FTC and other agencies, including the acting ombudsperson in the State Department: "I think there's some lack of faith in the whole process," he said. "How can it be an annual review when the anniversary of the scheme was in July? Secondly how has it 'raised the bar' -- there have only been 3 enforcement actions effectively for a misleading trade statement." Armstrong was referring to the FTC's settlement with three companies over allegedly misleading consumers about participation in the framework (see 1709080025). "The Commission's review would not be Privacy Shield's toughest test," Armstrong added he continues to contend, "which makes other challenges more likely."
Software & Information Industry Association Vice President-Public Policy Mark MacCarthy said in a statement he agrees the framework has "raised the bar" for data protection. "It is our hope that more companies sign on to the Privacy Shield, which will increase its impact and effectiveness," he said. BSA|The Software Alliance tweeted Thursday that it's "optimistic" for renewal. But Max Schrems, a critic of the agreement and whose lawsuit in the European Court of Justice led to safe harbor being scrapped nearly two years ago (see 1510060001), tweeted Monday that he looked forward "to being amused about the Commission's "A" to "A-" self-grading on the fully flawed #SafeHarbor 2.0 (aka #PrivacyShield)."