3 Reasons the Privacy Shield Recommendations May Not Be Easy to Implement

Despite a host of challenges facing the Privacy Shield, the EU-U.S. data transfer agreement cleared its first annual review. Yet while EU officials offered their approval for the agreement, they still noted there is much work left to be done.

In a statement, Věra Jourová, an European Justice commissioner who led the EU Commission review of the Privacy Shield, said that the Privacy Shield “works well, but there is some room for improving its implementation.”

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Law Firms Mentioned

[caption id="attachment_1689" align="alignnone" width="620"]<img class="size-full wp-image-1689" src="http://www.almcms.com/contrib

Eimer Stahl LLP
Morgan Lewis Bockius

/uploads/sites/397/2017/10/EU-flags-Article-201710231855.jpg" alt="EU flags." width="620" height="372" /> <i> EU flags in front of European Commission.</i>[/caption]   Despite a host of challenges facing the <a href="http://www.law.com/americanlawyer/almID/1202798696051/">Privacy Shield</a>, the EU-U.S. data transfer agreement cleared <a href="http://www.law.com/legaltechnews/sites/therecorder/2017/10/18/eu-seeks-stronger-enforcement-under-privacy-shield/">its first annual review</a>. Yet while EU officials offered their approval for the agreement, they still noted there is much work left to be done. <a href="http://www.law.com/legaltechnews/sites/therecorder/2017/10/18/eu-seeks-stronger-enforcement-under-privacy-shield/">In a statement</a>, V��ra Jourov��<strong>,</strong>��an European Justice commissioner who led the EU Commission review��of the Privacy Shield, said that the Privacy Shield ��works well, but there is some room for improving its implementation.�� The European Commission went on to release 10 recommendations for improving the agreement in the near and long term. While many of these recommendations are far from new, there many be challenges in executing some of them, given both the new administration��in the United States and the different privacy attitudes held by U.S. and the EU officials. Here is a look at three of the most potentially difficult recommendations to implement, and what they mean for the future of the Privacy Shield: <h2><strong>1. An Opening Salvo to Debate Automated Processing?</strong></h2> The��EU Commission recommends to ��commission a study to collect factual evidence and further assess the relevance of automated decision-making for transfers carried out on the basis of the Privacy Shield.�� Given that this��study will take place around the time the EU will be preparing for new privacy laws of its own, this recommendation could represent the first salvo in a broader effort to regulate automated decision making, also known as automated processing, under the Privacy Shield. The move may be an attempt to bring the Privacy Shield in line with the EU��s upcoming General Data Protection Regulation (GDPR), which will ��require organizations to be more communicative and thoughtful in their automated decision-making activities,�� said Pulina Whitaker, partner at Morgan, Lewis & Bockius. Article 22 of the GDPR said that EU citizens ��shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affect him or her.�� But regulating automated processing in the U.S. may be difficult: many organizations employ automation to collect, process and analyze data for a variety of purposes, Debbie Reynolds, director of EimerStahl Discovery Solutions at Eimer Stahl, said that how such processing factors into Privacy Shield will need to be figured out quickly not only ��because of the GDPR coming into effect next year,�� but also because ��it poses a significant challenge to the integrity of the Privacy Shield.�� Reynolds explained that the "three biggest calls" to invalidate the Safe Harbor Agreement, the since-nullified predecessor to the Privacy Shield, were all "things have to do with people of the EU being uncomfortable�� with bulk [automated] processing��: the <span style="font-size: 1rem">"Patriot Act, the Edward Snowden revelations and the Max Schrems�� case out of Ireland,"��</span> Reynolds added that while commissioning a study <strong>��</strong>is ��a good idea,�� the EU and U.S. ��are far apart on where they stand on bulk [automated] processing and how that is going to impact EU citizens.�� <h2><strong>2. Staffing Woes </strong></h2> Among its recommendations, the EU Commission reiterated what it had called for at the beginning of the annual review: the need for the United States to fill out key administrative positions vital to Privacy Shield operations. These position include the still vacant Ombudsperson role at the U.S. Department of State to address complaints by EU citizens over Privacy Shield violations, and numerous vacant positions on the Privacy and Civil Liberties Oversight Board (PCLOB), which is meant to oversee U.S. government surveillance programs. There are signs that it may be an uphill battle. When asked about the slow pace of appointments in his administration during an <a href="https://www.forbes.com/sites/randalllane/2017/10/10/trump-unfiltered/2/#50da3081c771">October 2017 interview</a> with Forbes magazine, U.S. President Donald Trump signaled the vacancies in many federal departments were intentional. ��I'm generally not going to make a lot of the appointments that would normally be��because you don't need them,�� he said. ��I mean, you look at some of these agencies, how massive they are, and it's totally unnecessary.�� There are signs, however, that the administration is moving to fill out the PCLOB, given the recent nomination of Adam Klein, senior fellow at the Center for a New American Security and former law clerk to the late U.S. Supreme Court Justice Antonin Scalia, as its chairman. Charles-Albert Helleputte, a partner in Mayer Brown��s Brussels office, said that this ��recent appointment is likely to be considered as a good signal by EU institutions.�� He added, ��For the EU, the��appointment can be considered as a course of action." But while a good sign, Morgan Lewis' Whitaker notes that the Privacy Shield apparatus is still missing far more essential U.S. officials. ��Appointing a permanent ombudsman is more critical at this stage, including for continuing communications about the operation of the Privacy Shield,�� she said. <h2><strong>3. From Policy Directive to Law?</strong></h2> Under <a href="https://obamawhitehouse.archives.gov/the-press-office/2014/01/17/presidential-policy-directive-signals-intelligence-activities">Presidential Policy Directive 28</a>, former President Barack Obama limited��U.S. mass surveillance activities to��respect the privacy of both U.S. and foreign citizens. The directive, known as PPD-28, was a key assurance for the EU, curtailing U.S. surveillance activities within certain boundaries. Now, EU officials want to make sure these protections become permanent. The EU Commission for the Privacy Shield Review recommended that the policy directive be enshrined under the Foreign Intelligence Surveillance Act (FISA) when the law is up for reauthorization at the end of 2017. It is difficult to know, however, whether there is support for such a move from the Trump administration, or leaders of Congress, as��there has been little public comment on the fate of PPD-28. However, during his March 2017 U.S. Senate nomination hearing, now-approved director of National Intelligence Daniel Coats briefly addressed the issue in <a href="https://www.intelligence.senate.gov/sites/default/files/documents/aphqs-coats-022817.pdf">written responses</a> to the Senate Select<b>��</b>Committee on Intelligence questionnaire. Coats��wrote that ��the European Commission relied in significant part on the privacy protections of PPD-28 when it found the U.S.-E.U. Privacy Shield framework was adequate. For that reason, before any changes to the PPD are made, I believe it [important to consider the consequence of any modifications.�� Beyond Coats, though, it is difficult to know how others in the Trump administration view the PPD-28. ��Especially because [this administration] has not been of very supportive of some of the prior Obama administrations activities or actions, I think people are waiting to see whether this administration will support the [PPD-28],�� Reynolds said. She added that ��it��s in everyone��s best interest to ensure that these issues don��t impact commerce or impact Europeans fundamental right to privacy.��           <

Eimer Stahl LLP
Morgan Lewis Bockius

> Knitter: Too few entities/relations are generated compared to number of concepts (only 99% (103/104) concepts are converted).

Trending Stories

After Latham Mandates 4 Days in NY Office in 2025, Other Firms Sticking to 3 Days, For Now

The American Lawyer

Willkie Adds 11-Attorney Capital Markets Group From Mayer Brown

The American Lawyer

New York Lawyers 'Stunned and Devastated' Over Chris Morvillo Disappearance

New York Law Journal

Kirkland Is Increasingly Turning to NJ for Huge Chapter 11 Bankruptcies. Will Other Big Law Follow?

New Jersey Law Journal

'Big Law Killed My Husband': An Open Letter From a Sidley Partner's Widow

The American Lawyer

25 Years of the Am Law 200: Is Size as a Strategy a Winning Formula?

People, Places & Profits, Part III: Are Law Firm Financial Metrics Keeping Pace With Inflationary Growth?

The A-List, Innovation, and Professional Development: How Market Trends Are Impacting What it Takes to Be a Well-Rounded Firm

Featured Firms

Law Offices of Gary Martin Hays & Associates P.C.
75 Ponce De Leon Ave NE Ste 101
Atlanta, GA 30308
(470) 294-1674
www.garymartinhays.com

Law Offices of Mark E. Salomone
2 Oliver St #608
Boston, MA 02109
(857) 444-6468
www.marksalomone.com

Smith & Hassler
1225 N Loop W #525
Houston, TX 77008
(713) 739-1250
www.smithandhassler.com

Presented by BigVoodoo

3 Reasons the Privacy Shield Recommendations May Not Be Easy to Implement

Rhys Dipshan

Thank you for sharing!

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

You Might Like

How Ukrainian Businesses Are Pressing On During the War—and How Law Firms Can Help

The New GDPR SCC Framework: What In-house Lawyers Must Do Today to Be Prepared

Coinbase Slams SEC's Proposal to Amend Definition of Term 'Exchange'

Creating a 'Culture of Compliance': Privacy Activist Max Schrems Isn't Done Yet

Law Firms Mentioned

Featured Firms

More From ALM

3 Reasons the Privacy Shield Recommendations May Not Be Easy to Implement

Rhys Dipshan

Share with Email

Thank you for sharing!

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

You Might Like

How Ukrainian Businesses Are Pressing On During the War—and How Law Firms Can Help

The New GDPR SCC Framework: What In-house Lawyers Must Do Today to Be Prepared

Coinbase Slams SEC's Proposal to Amend Definition of Term 'Exchange'

Creating a 'Culture of Compliance': Privacy Activist Max Schrems Isn't Done Yet

Law Firms Mentioned

Trending Stories

Featured Firms

More From ALM

Subscribe to Legaltech News