The US administration is critical of calls coming from the EU for personal data to be localised on the bloc and thus avoid having to be transferred to third countries, following last year’s ruling from the European Court of Justice in the famed Schrems II case.
Moreover, there should also be more attention paid to Chinese-established firms that have access to EU personal data, said Christopher Hoff, who is leading discussions on behalf of the US Department of Commerce on a new transatlantic data accord with the EU.
His comments came as part of a EURACTIV panel on Wednesday (10 March), where Ireland’s Data Protection Commissioner, Helen Dixon, also revealed that her authority believes that the video-sharing platform TikTok may be sending EU data to mainland China.
Data localisation concerns
On the subject of data localisation, Hoff noted his concerns at comments coming from various data protection authorities in the EU, including the bloc’s umbrella data protection authority, the European Data Protection Board, which have gestured towards more data localisation in the EU.
Such comments came on the back of last year’s decision by the EU courts to strike down the EU-US Privacy Shield agreement, and order that revisions be made to Standard Contractual Clauses, individual agreements that facilitate the global transmission of EU data.
“I am concerned about data localisation, de facto or built into the law,” Hoff said, adding that he would much rather support an agreement on international data transfers at the level of the G7 and with “like-minded democracies.”
More attention on China
In this vein, Hoff said more scrutiny should be paid to how certain “totalitarian” regimes, including China, have access to EU personal data.
“This narrative that the US is different than EU member states in practice, it’s tiring for us in the US, and it has been years or decades-long,” he said.
“It distracts all of us from this conversation about totalitarian regimes like China, who we all do business with.”
‘Getting to know’ TikTok
In this context, the Irish Data Protection Commissioner Helen Dixon, who also took part in the EURACTIV event sponsored by Cisco, spoke about the emerging concerns being the lead authority in the EU for overseeing TikTok’s data protection standards.
“There are a number of challenges in relation to TikTok for the Irish DPC,” Dixon said. “First of all is now to get to know TikTok, to get to know and understand the service, to get to know and understand the data protection team in Dublin.”
Dixon also disclosed that the Irish data protection commission has also had a “significant number of meetings” with TikTok since December when it was confirmed that the platform would be on the authority’s books, and that as a result of research conducted by the DPC, there may be issues related to EU personal data being sent to mainland China.
“TikTok tells us that EU data is transferred to the US and not to China. However, we have understood that there is the possibility that maintenance and AI engineers in China may be accessing the data.”
“There’s a whole lot more we need to understand about all of that,” Dixon said, adding that “intensive engagement” with the platform is ongoing. TikTok has not responded to EURACTIV’s request for comment by the time this article was published.
[Edited by Zoran Radosavljevic]