The new move coming form the other side of the Ocean (and yes I mean USA) is aligned with Mr. Trump approach to international agreements.
After Paris climate agreement Donald Trump presidency is shining again in its confrontation with old europe.
The target now is the Privacy Shield Agreement, the agreement that has been reached between USA and EU in order to protect the privacy of EU citizen whose data are collected by USA company.
It should not comes out as a surprise, historically the to side of the ocean have had a deep different approach to personal data protection.
Now accordingly to section 14 of the just signed Trump’s executive order “Executive Order on Public Safety”, USA law enforcement agencies have to explicitly strip out from their privacy policies all non US citizen and Resident.
In other words no protection is assured to the data associated to EU citizen stored in USA datacenters.
Under the Privacy Shield, EU citizens have rights to redress – including judicial redress – for improper disclosure of their data. The Judicial Redress Act (JRA) of 2015, which extended to EU citizens the protections of the Privacy Act of 1974, was critical to European acceptance of the Privacy Shield.
Last month, with a stroke of the pen that could unsettle EU privacy watchdogs, President Trump issued an executive order directing that federal agencies craft their privacy policies to exclude non-US citizens from Privacy Act protections.
This clearly broke the Privacy Shield agreement. For the few of you that remember the story this agreement comes out after the crashing of the previous SafeHarbour agreement.
Safe Harbour was declared ineffective by european supreme court of justice after the Prism activity form USA government was exposed. Now while europe is moving towards GDPR adoption and a strict set of rules in order to protect the privacy of EU citizen and resident, USA has loosen once again the rules exposing, as a matter of fact, EU citizen’s data to risk.
Considering the amount of data (from Facebook to Google, from Microsoft to Apple) that are under this protection act the magnitude of this is enormous, basically this unilateral USA decision put at stake most of the digital economy.
And just to be clear Privacy Shield was not perfect even from an European point of view: in September, an advocacy group known as Digital Rights Ireland asked the second highest European Court to annul the agreement on the grounds that it doesn’t provide enough privacy protection for EU data. Shortly thereafter, a French civil liberties group filed a similar suit. So the new Trump’s administration moves hardly will encounter an easy acceptance in EU.
Now to be fair the impact of the new Executive Order against the Privacy Shield is not clear, someone in Trump administration is suggesting that eventual access to EU citizen data would be not due to mass surveillance and therefore the agreement is not in jeopardy, but considering precedents and the current relationships between USA and EU those sound more like empty words to address the internal USA electoral base (see us EU fault, we’re doing right) than a clear and honest analysis.
Some legal experts, however, have downplayed that concern by pointing out that the order seemsto include an exception for Privacy Shield. But given the recent skittishness of European regulators about U.S. surveillance, calls are mounting for the White House to publicly reassure Europeans the order doesn’t affect their data.
We will see what will happen.
For sure the distance between USA and EU have not been bigger, and at the moment (but I am in the EU side) we are in the side for protect our planet from climate change, protect privacy and freedom of citizen from unwanted access.