Lawmakers and tech groups heralded last week’s announcement that the United States and European Union had reached an agreement to allow American companies to send data from European servers across the Atlantic. But it’s already becoming clear that the deal isn’t solving all worries about online privacy.
The agreement is a massive boon for tech and retail companies doing business in Europe. Those firms need a regulatory framework allowing them to transfer data to the United States in a way that doesn’t violate stricter privacy laws in the EU. An earlier agreement was struck down last year.
The new deal, dubbed “Privacy Shield,” will have to be approved by several European regulatory entities before it’s officially adopted. The European Commission, the European Parliament, and each member state’s data protection authorities will all have to OK the deal once they receive the text, which should be available in a few weeks.
After that, the European approval process could take “several months,” according to Ted Dean, the chief negotiator for the United States.
Even in its infancy, European officials are raising concerns about Privacy Shield. Three members of the European Parliament discussed their questions alongside Dean and other American negotiators at the Center for Transatlantic Relations on Thursday.
Michal Boni, a Polish member of the European Parliament, is unsure about how the United States will be bound by the agreement. “It is important for Europeans to know that all those solutions will be irreversible.” Since the U.S. is in the process of choosing the next president, he said, Europeans want to know that the next president won’t reverse course.
Andreas Schwab, a German member of the European Parliament, asked about the conditions for accessing new arbitration avenues under which European citizens can complain about misuse of their personal data. “What I have heard is that there is a very strong American position — with some sort of reasonableness, no doubt — that only citizens from countries that co-signed a full exchange of data to use for counterterrorism will be eligible,” Schwab said.
That new arbitration structure is a major foundation for the new deal as a whole, Dean responded. “The nuts and bolts of the agreement is really about how an EU citizen with a complaint can get that complaint addressed,” he said.
Because of the vast differences in legal systems and data culture, these negotiators generally agreed that it would be impossible to create a single framework to fit European and American systems. The goal of Privacy Shield is to create a system that fits for both regulatory styles.
Marietje Schaake, a Dutch member of the European Parliament, said the tension isn’t a digital divide, even though that’s a common narrative. She said it is a “fundamentally political discussion” that involves the increasingly tense relationship between Silicon Valley and Washington following former National Security Agency contractor Edward Snowden’s revelations about the agency’s data collection program.
“A lot of American-based NGOs are lobbying to EU members of Parliament, such as myself, to stand up to the kinds of practices that these American people believe are exceeding what is acceptable under American laws,” Schaake said.
Of the European Parliament representatives, Schaake showed some of the strongest skepticism about Privacy Shield and rattled off a laundry list of concerns. Some of these included how EU citizens could be protected from unilateral access to their data, whether American data surveillance is targeted or indiscriminate, and basic transparency.
“The issue is not about just changing U.S. law to meet similar requirements as we want in the EU, but to make sure that European citizens and consumers are safeguarded,” Schaake said.
Some of these concerns will be answered once the members of Parliament read the full text of the deal, Dean said. American negotiators have been willing to play ball with their European counterparts throughout their approval process precisely to make sure the deal is acceptable and measures up to the European Court of Justice’s standards.
