Greetings from Portsmouth, New Hampshire!
Finally, summer is in full swing here in the Seacoast. We’ve entered into our first heat wave of the season, which means spending as much time as possible near some sort of body of water. Fortunately, there’s no shortage of those in our area. Hopefully, you’re near one, too.
Having Independence Day fall on a Wednesday means this week — for those of us not on vacation — featured two Mondays (I guess, on the flip side, this also means it featured two Fridays). The Fourth of July also means Europe must be making privacy news somehow. In my years here at the IAPP, I can’t remember a time when privacy developments did not come from our friends across the Atlantic during the holiday. (They tend to make news during Thanksgiving week, too.) I can’t blame them for keeping us on our toes.
We knew coming into the week that the European Parliament was set to vote on the EU-U.S. Privacy Shield agreement. Clearly, the Federal Trade Commission did, too. On Monday, the agency took action against a California-based online training services company for falsely claiming that it is “in the process of certifying” Shield compliance. It appears the company started the process back in October 2016 but didn’t follow through. New FTC Chairman Joe Simons made sure to point out the agency’s “continuing commitment to vigorous enforcement of the Privacy Shield,” while noting that it’s “a critical tool for ensuring transatlantic data flows” for companies and individuals alike.
Unsurprisingly, however, the European Parliament wasn’t swayed by this or the current state of the agreement. In a 303 to 223 vote, members of Parliament resolved to call on the European Commission to suspend the agreement “unless the US complies with EU data protection rules” by Sept. 1. It’s important to note the resolution is non-binding, but no doubt there is concern in Europe about how their data is being protected. Top of mind for MEPs is the ongoing Cambridge Analytica revelations and the recent adoption of the Clarifying Lawful Overseas Use of Data Act. Notably, the potential harm cited by MEPs concerns data breaches that “may pose a threat to democratic processes if data is used to manipulate political opinion or voting [behavior].”
In the privacy world, we talk a lot about privacy harm. If you agree that the rise of some big data technology is challenging traditional democratic processes, what harm could be bigger than that?
Of course, the U.S. Department of Commerce said it was “disappointed that the European Parliament disregarded the considerable information we provided” and pointed out the uncertainty this creates for businesses. Commerce also noted that the European Commission’s Věra Jourová has said “all elements on which our adequacy finding was based have remained in place since” the Trump administration took office.
But it wasn’t just the European Parliament jumping into the Privacy Shield fray this week. The newly minted European Data Protection Board was busy holding its second plenary meeting, in which it invited Ambassador Judith Garber, who is also acting U.S. ombudsperson for the Shield agreement. Though the meeting was described by MEPs as “interesting and collegial,” concerns remain and will be on top of the agenda when Shield undergoes its second annual review this October.
By then, the U.S. will be ramping up for what is becoming significant mid-term elections. Though the sky isn’t falling, the coming months will be interesting to watch.