Good afternoon from Portsmouth, New Hampshire!
It’s almost a year to the day since the last time I was at our IAPP headquarters. March 13, 2020, was probably the last normal day I experienced, and it’s surreal to think we’ve been operating in the virtual space for an entire year. But hope is on the horizon! Vaccinations are speeding up, and the light at the end of the tunnel is getting brighter and brighter. Now, as I have mentioned in this space before, I love some retrospection but have zero interest in all these pieces about how the world shut down last March. I do not want to read about the week where everything shut down and how naive we were about what was coming — especially since, you know, the pandemic isn’t over.
Cycle those stories back to me in, say, 15 to 20 years.
The pandemic may be inching toward the finish line, but the work carries on for privacy professionals. One item that looks like it’s nowhere close to concluding is the work on a replacement for the EU-U.S. Privacy Shield agreement. The Court of Justice of the European Union struck down Privacy Shield last July, and despite some early rumblings of negotiations between the two sides, news on a new data transfer deal has been hard to come by.
And based on what’s coming from the other side of the Atlantic, privacy professionals shouldn’t expect a quick fix. European Union Justice Commissioner Didier Reynders said he expects the process for a new data transfer agreement to take years, not months, as he believes it will be a challenge to find a solution that protects citizens’ data from U.S. intelligence agencies.
It’s a sentiment that was shared by NOYB Founder Max Schrems. During a Wall Street Journal Pro Cybersecurity webinar, Schrems said unless there is real legislative reform in the U.S., the next data transfer agreement will likely meet the same fate as Privacy Shield.
Everyone expects federal privacy legislation to grace the U.S. at some point in the future, but it isn’t going to happen overnight either. Since federal rules are all hypothetical at this point, it remains to be seen whether they will address the surveillance concerns raised by the EU. So far, proposed bills primarily deal with the commercial space and not the nation's national security apparatus.
This doesn’t mean all is lost. The appointment of U.S. Department of Commerce Deputy Assistant Secretary for Services Christopher Hoff is a signal that the Biden administration is treating a Privacy Shield replacement as a priority.
The IAPP’s own research director, Caitlin Fennessy, who has experience in these matters having served as the Privacy Shield director at the U.S. International Trade Administration, said during the same WSJ Pro webinar she believes the willingness from both the EU and U.S. will help the next data transfer agreement weather future storms.
Some are urging an alternative route to data transfers. Baker McKenzie's Brian Hengesbaugh, for example, is urging the Biden administration to "go big" and initiate talks among nations that share values around human rights and democracy to create what he calls a "multilateral privacy treaty." For more on this, check out Hengesbaugh's interview with IAPP Editorial Director Jedidiah Bracy in the latest episode of The Privacy Advisor Podcast.
The road to a new data transfer agreement will eventually open up, but privacy professionals are more likely to receive a vaccine shot before a "Privacy Shield 2.0" solution in 2021.