Federal Trade Commission Commissioner Julie Brill on Thursday outlined some of Europeans’ privacy protections that will be included in the new “Privacy Shield” agreement between the U.S. and European Union.
The new deal to replace the defunct Safe Harbor will work as a legal framework to allow thousands of American companies to transfer European citizens’ data from Europe to their servers stateside. Officials are in the process of writing up the final details to send overseas, where European states will need to sign off before it goes into effect.
An EU-U.S. data-sharing agreement is essential for companies to work within the bounds of European privacy laws, which are generally much more strict than U.S. laws.
Because the deal is not yet in final form, Brill’s comments at the Information Technology and Innovation Foundation reflected an air of uncertainty even as American and European officials say they are encouraged by the deal. Still, she offered some options for European users if they believe an American company violates Privacy Shield.
“There’s a number of different ways that consumers can have their complaints heard,” Brill said. “That was an issue very important to the Europeans, and I believe the U.S. understood the importance of the issue and I believe responded very well to the concerns.”
The first option, Brill said, is for Europeans to go to the company directly with a complaint, although she didn’t delve into what that would actually mean. A lawsuit? A letter of complaint?
Europeans could also use alternative dispute-resolution mechanisms to be set up through Privacy Shield. Those avenues would “now be free” of charge, she said, adding that the FTC and others have advocated for this.
It still isn’t clear who will pick up the tab for those hearings, but it won’t go to consumers. “I think those details will be worked out, but I believe that most of the companies have been paying for their alternative dispute-resolution service,” Brill said.
“But it has to be free to the consumer, to the complainant,” she added.
Europeans would also be able to complain through data protection authorities in Europe, and those authorities could then send the complaints to the FTC if they are deemed legitimate.
Brill highlighted one other significant path for European consumers. “How will we ensure that Europeans consumers’ complaints will be heard? And how will we ensure that it would get to a final adjudication?”
She answered her own question. “Ultimately, if the individual is not satisfied, there will be a direct arbitration mechanism,” she said. “I think this arbitration panel will solve that problem.”