EU Justice Commissioner Věra Jourová said she was relieved that US President Trump’s “America first” policy will not shatter the EU-US privacy shield agreement on data transfers, after meeting with Commerce Secretary Wilbur Ross on Monday (18 September) to scrutinise the one-year-old deal.
“I am glad to be reassured that ‘America first’ doesn’t mean ‘America only’,” Jourová said in a statement after the first day of talks finished on Monday.
Jourová and a group of data protection watchdogs from EU countries started a process to review the EU-US data transfer agreement in Washington with Ross and other US officials.
The review has been highly anticipated because Jourová could pull the plug on the controversial deal if she decides that American authorities have not set up enough safeguards to protect EU citizens’ privacy.
“I came here with a clear message that I would like to make sure that privacy shield works, that it brings the necessary equivalent protection that Europeans enjoy in the EU, and that we want to work together to keep privacy shield going,” the EU justice chief said.
Jourová said that when she met Ross for the first time in April, many people asked her whether she was concerned about Trump’s “America first” policy. But she sounded relieved.
“Mr Ross gave me his assurance that they take it very seriously and that they are going to do what they committed to do under the privacy shield scheme,” she said.
Jourová did not elaborate on Monday about what improvements she wants US officials to make to the agreement.
She and Ross will meet again on Wednesday when their teams of reviewers finish combing through details of the agreement.
Jourová will be under pressure this week to demand measures to make sure US authorities appoint a permanent ombudsperson to oversee Europeans’ complaints about which authorities can access their data, and under what conditions. Privacy watchdogs will also want Jourová to come back with a renewed guarantee that US intelligence agencies cannot collect Europeans’ data in bulk.
When privacy shield was agreed in July 2016, US officials vowed that they would appoint an ombudsperson. That is one of the many posts in the State Department that the Trump administration has not yet filled.
A Commission spokesman said Jourová told Ross during their meeting that the review should prove that US oversight measures, including the ombudsperson post, actually work, and that “the underlying US legal framework remains in place”.
Jourová and her legal experts are hoping Ross will recognise that American companies rely on the agreement.
In the last year, more than 2,400 companies have signed up to use privacy shield to transfer consumer data from the EU to the US.
“The privacy shield is vitally important for American and European companies to continue to transfer data across the Atlantic and do business and sets a high standard for the protection of consumer data,” Kara Sutton from the US Chamber of Commerce said in a statement.
Jourová underscored that the privacy deal has a strong business case. “Transfer of data underpins our huge trade relations and is bread and butter for many European and American companies,” she said on Monday.
Last Friday, the White House offered an olive branch to the EU.
The review will “demonstrate the strength of the American promise to protect the personal data of citizens on both sides of the Atlantic,” the White House said in a statement.
It was the first time the Trump White House had publicly commented on the privacy shield, which EU and US officials agreed in the last months of former President Obama’s term.
Business lobbies want the Commission to give privacy shield passing marks when it publishes its report from the review in late October.
But critics of the agreement will also be eager to scrutinise the Commission’s assessment.
A lineup of MEPs and national data protection authorities will want to give the report a thorough reading. The European Parliament approved a resolution in April asking the Commission to add more stringent safeguards to the agreement after Trump vowed to roll back some Obama-era data privacy rules.
Privacy campaign groups have already filed two complaints against the deal at the European Court of Justice, which ruled its predecessor, the safe harbour agreement, illegal in 2015. That ruling sent negotiators rushing to seal a replacement deal so that companies could keep transferring data. Some critics argue it still isn’t good enough.
Max Schrems, the Austrian lawyer whose lawsuit toppled the safe harbour agreement, tweeted on Monday: “Looking forward to being amused about the Commission’s “A” to “A-” self-grading on the fully flawed #SafeHarbor 2.0 (aka #PrivacyShield)…”
— Max Schrems (@maxschrems) September 18, 2017
Hearings in the two pending cases against privacy shield have not started yet.