In a presentation to the EU Parliament's Committee on Civil Liberties, Justice and Home Affairs yesterday, Tiina Astola painted a pretty optimistic view of Privacy Shield's status. The European Commission's director-general of DG Justice and Consumers was there to discuss the Commission's first review of the EU-U.S. agreement, the subhead of which reads, "[It] works but implementation can be improved."
Astola brought word of success with her U.S. counterparts. She called the "level of engagement of the U.S. authorities unprecedented" during the review process, which she said sets an important new standard for future reviews. She reported the U.S. Department of Commerce has implemented the mechanisms and systems it and the commission agreed upon in negotiations for Privacy Shield last year, from improvements in monitoring compliance to creating mechanisms to address European complaints.
She conceded there were a number of operational recommendations made in the recent report — specifically, while strides have been made, Commerce's compliance monitoring should still improve. And, she noted, there are some unknowns. For example, the U.S.'s Privacy and Civil Liberties Oversight Board currently comprises one person, though it takes five to fully staff it. Then there's Section 702 of the Foreign Intelligence Surveillance Act up for renewal before year's end.
"Of course we have to remain vigilant and closely monitor any relevant development," she said.
But on the whole, Astola's presentation was imbued with optimism.
Her audience members in the LIBE Committee were less enthusiastic. In fact, they were incredulous.
MEP Sophie in' t Veld said she was "not very impressed." She said the Privacy Shield is an arrangement that, like its predecessor Safe Harbor, "is again going to be shredded in court." She said even "those very flimsy safeguards are not being implemented." While Astola claimed she'd met with PCLOB, "PCLOB doesn't exist because it consists of one person," save for a recent appointment to chair PCLOB, Adam Klein, as reported by The Privacy Advisor.
She continued, "The ombudsman has not been appointed 10 months after the office was established," and things aren't looking good either, she asserted, because even though Trump is "appointing people the whole bloody time, so many people have been dismissed already.
"How are things better than with Safe Harbor at the moment? ... This is completely the same thing."
In't Veld's colleague, German Social Democrat MEP Birgit Sippel, shared her concerns. She said while there's been some progress and improvements, MEPs heard the same thing about Safe Harbor for a year before a court decision took it down.
"Clearly we see the same problems we had with Safe Harbor continue," she said. "Some [companies] pretend they are part of Privacy Shield but never asked for it, or haven't been approved but show certification on their internet pages ... What makes you think we really can make progress in this area?"
Astola was steadfast. On the Privacy Shield: The remaining member of PCLOB assured the EC that even though she's the only member, all initiatives from before PCLOB's lost quorum can proceed. And sure, President Trump still has a lot of appointments to make, but he's nominated PCLOB's chair, and that's good. "I see this as moving on," she said. And yeah, the ombudsperson hasn't been appointed. But there hasn't been a complaint yet that reached that level, so that's not a fire that needs putting out at this moment, and there's a person tasked with the job should a complaint arise. When the EC asked the U.S. if there are procedures in place to deal with that first elevated complaint, the U.S. was able to demonstrate there are mechanisms, Astola testified.
But most importantly, she seemed to suggest, is the U.S.'s attitude these days. For Astola, it was a significant point to be made that the commission's counterparts are participating in earnest.
"The whole dialogue we are now having with officials from the U.S. show there is ... recognition from their side that if this doesn't function, we can go back to them," she said. "And if it doesn't function, we have to draw conclusions. ... The fact we saw such serious work with the administration with certifications, monitoring and enforcing. All that, I think, is proof of them seeing how important it is."
As for 702's reauthorization, she said what's really important is "Privacy Shield has opened a line of communication on this issue that was not at all common in the past."
In't Veld wasn't having it. At all.
"You are relying on assurances on a president and an administration that is not reliable," she said. "Where do you draw the line? For how much longer do you tolerate? It's the decision of the commission. You're failing the citizens if you let this pass."
If you want to comment on this post, you need to login.