Privacy Shield; the way forward or lipstick on a pig?

Amsterdam, July 12th 2017.

Just recently, on May 7th, The European Economic Area Joint Committee has officially adopted a decision to incorporate the EU-U.S. Privacy Shield adequacy decision into the EEA Agreement, which establishes the framework as a valid mechanism to transfer data from EEA member states to the U.S.A.

This decision made, is rather peculiar as the Privacy Shield itself (after Safer Harbour was declared invalid)  has sparked vivid discussions about the adequacy of the Shield all together. With only a few months to go until a scheduled European Commission review of the so-called Privacy Shield transatlantic data transfer framework (September 2017), two US NGOs have weighed in with devastating warnings that America isn’t keeping its side of the deal.

As that date draws nearer, the Center for Digital Democracy (CDD), which specialises in data protection issues in digital marketplaces, and Access Now, which “defends and extends the digital rights of users at risk around the world”, have both criticised Privacy Shield as being not fit-for-purpose, with the former calling for it to be scrapped completely.

To make things even worse:

An Executive Order signed in January by U.S. President Donald Trump in his first few days in office, jeopardised the six-month-old data transfer framework that enables EU citizens’ personal data to flow to the U.S. for processing — with the promise of ‘essentially equivalent’ privacy protection once it gets there.

Also, on March 28, Congress voted along party lines to kill a set of rules adopted by the Federal Communications Commission in October that would’ve forced your internet service provider, or ISP, to ask you before it collected – and sold- certain personal information. In both chambers, most Republicans voted to repeal the rules, while Democrats voted against. President Donald Trump quickly signed the resolution overnight, turning it into law and repealing again a federal regulation passed late in the Obama administration.

Lipstick on a pig.

The Privacy Shield is meant to “restore trust in transatlantic data flows,” but Max Schrems, the man who Slayed the Safe Harbour agreement, was not convinced when it was published February 2016. He labelled the new data protection umbrella as follows:

‘#PrivacyShield: They put ten layers of lipstick on a pig but I doubt the Court&DPAs suddenly want to cuddle with it!”

With a republican majority governance that is eager to repeal Privacy Protection legislation and a White House with it’s president is being sued because of blocking Twitter followers, it is clear that sending your Privacy sensitive data across the digital US border isn’t without severe risk.

With all layers of lipstick now removed the privacy pig is still a pig and the U.S. government is looking more and more like George Orwell’s Animal Farm mr. Jones.  Question is; will the animals rebel, sue mr. Jones and claim their privacy back? The near future will tell..

Dimitri van Zantvliet Rozemeijer
EU Privacy Protectors


Creative Commons Licence
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.