Over the past fifteen years, an uneasy trans-Atlantic equilibrium between U.S. law enforcement and security agencies’ collection of personal information, sometimes on a bulk basis, and European privacy protection imperatives has prevailed—even despite Edward Snowden's disclosures. Most notably, beginning in the immediate post-9/11 era, international agreements enabling U.S. access to Europeans’ airline passenger name records (PNR) and international bank transaction data were reached, and have been quietly functioning.
Latest in EU-US Privacy Shield
Does the FISA court perform a recognizably judicial function when it reviews 702 minimization procedures for compliance with the Fourth amendment? Our guest for episode 115 is Orin Kerr, GWU professor and all-round computer crime guru.
EU data protection authorities, the Article 29 Working Party (WP), have issued a comprehensive analysis of the proposed EU-US data transfer agreement. Privacy Shield, as it’s known, would replace the Safe Harbor agreement struck down by the Court of Justice of the European Union (CJEU) in Schrems. Since the CJEU in Schrems relied heavily on the WP’s earlier critical assessment of Safe Harbor, the WP’s take on Privacy Shield has been eager anticipated.
If the devil is in the details, then the announcement early Monday of the inner workings of the new US-EU data-transfer agreement, Privacy Shield, may lack the granularity the deal needs to flourish. There is much to applaud in the new agreement, including extraordinary transparency from the US and a new safeguard to address EU privacy complaints in the form of a State Department Ombudsperson.
In the years since Edward Snowden claimed that U.S. intelligence agencies were tapping into Europeans’ personal data flowing to the United States through undersea cables, an icy distrust has prevailed between Washington and Brussels on the subject of privacy and security. Tensions reached a new high last fall, when the European Court of Justice (ECJ) invalidated the principal legal mechanism for trans-Atlantic data flows, the U.S.-EU Safe Harbor Framework on protecting personal information in the commercial context.
U.S. and European Union data-regulators today reached a new legal framework that will govern the transfer of data across the Atlantic. The new agreement—called the E.U.-U.S. Privacy Shield—will replace the Safe Harbor agreement that was struck down by the European high court in October. That ruling, largely informed by news reports regarding U.S. surveillance practices, claimed that the United States did not adequately protect the privacy of Europeans. Even so, European and American negotiators appeared positive today that the new agreement will withstand court scrutiny.