Less than three months ago, the European Union ushered in a new era of data and privacy regulations with General Data Protection Regulation, and the world scrambled to comply— but this was just the start. While the EU-U.S. Privacy Shield passed its first annual review in 2017, there is still room for improvement. With the second annual review coming next month, and with a billion dollars in commerce on the line, it is vital that the United States doubles down in investing in the privacy safeguards to ensure the Privacy Shield continues to protect users and businesses, especially startups.
The United States must prioritize data protection and ensure the right oversight is in place to protect the Privacy Shield. The Privacy Shield, designed by the United States and EU to provide companies with a mechanism to comply with EU data protection requirements, is critical to our economy, providing companies in the United States and EU with a clear framework for transferring personal data in support of transatlantic commerce. Today, just two years into this agreement, the Privacy Shield supports more than $300 billion in transatlantic commerce and serves nearly 2,000 U.S. companies.
Our organizations represent thousands of startups across the United States and the EU, startups that would be severely harmed by the suspension of the Privacy Shield. Removing the Privacy Shield’s legal certainty leaves smaller businesses at a competitive disadvantage and hurts entrepreneurs who’d be left to struggle to comply with EU data transfer laws. This might not be a challenge for larger corporations with dedicated legal teams, but it can bankrupt a startup with limited resources. In the absence of Privacy Shield, larger companies will be able to handle EU user data pursuant to binding corporate rules, model contractual clauses, or a variety of other expensive workarounds that startups cannot replicate. If the United States does not follow through on commitments to preserve robust privacy oversight, startups will be left with a difficult choice: stop handling EU customer data or continue to do so and face significant legal risk.
Members of the European Parliament are calling on the Trump administration to provide additional privacy safeguards in order to ensure the Privacy Shield is doing its job. They’re worried about vacancies in the Privacy and Civil Liberties Oversight Board and the lack of a permanent Privacy Shield ombudsperson. Recently the administration took an important step forward by nominating two new members to the PCLOB. That’s encouraging — but there’s more to be done.
Filling all of the vacancies is critical to ensuring the board can function as designed and maintain transparency and trust in how transatlantic data is handled. The Senate should quickly confirm these nominees and send a strong signal to the EU that we take their concerns seriously.
The digital economy is global, and a global economy requires strong international partnerships. Access to transatlantic data flows is critical to spurring innovation, and the suspension of the Privacy Shield would cause significant harm to both American and European businesses trying to compete and thrive in the 21st century economy.
The administration must step forward and preserve robust privacy oversight before the second annual review. Thousands of companies, millions of customers and billions of dollars in commerce depend on it.
Evan Engstrom is executive director of Engine, a policy, advocacy and research organization that supports startups as an engine for economic growth. Melissa Blaustein is the founder and CEO of Allied for Startups, a worldwide network of over 40 advocacy organizations focused on improving the policy environment for startups.
Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.