WASHINGTON D.C. — Yesterday, the European Commission announced that it had negotiated a new “Privacy Shield” to allow American companies to provide Internet services to Europeans by processing their personal data. The new agreement would replace the 2000 “Safe Harbor” agreement struck down by the European Court of Justice (ECJ) late last year in Schrems. Today, European data protection authorities agreed to forbear from directly enforcing European privacy rules against American companies until at least mid-April, to allow regulators in each EU country time to review the EU-US Privacy Shield. Because of U.S. government surveillance practices, that would mean clamping down on EU-US data flows.
“This respite is good news for everyone, but it probably won’t last — and everyone involved knows it,” said Berin Szoka. “The Commission bent over backwards to dress up the Privacy Shield as a major reform to American surveillance, but it isn’t. For years, the EC and Obama Administration have been trying to crack down on how tech companies use personal data — replacing the pro-innovation environment in America with a stifling, European regulatory model. In the spirit of ‘Never let a good crisis go to waste,’ both sides have cynically exploited the furor over government surveillance to push a completely unrelated political agenda: Internet regulation. But the ECJ won’t be satisfied with vague promises from a president who’s on his way out anyway — it will require fundamental, binding reforms to how the U.S. government spies on Europeans.”
“If there’s one thing Brussels excels at, it’s delaying resolution of intractable political issues with elaborate, contorted compromises,” continued Szoka. “Politically, those contortions often work — allowing everyone to get by at least till the next election. But whether this deal is good enough is a legal question. The ECJ might recognize that European surveillance practices are terrible, too, and thus set a low bar for ‘essential equivalence.’ But the high court might also see the new agreement as little more than an elaborate delaying tactic — especially if the White House won’t even update Executive Order 12333. And then there’s Section 702, which Congress almost certainly won’t confront until it finally sunsets in December 2017.”
“The Privacy Shield is designed to delay judicial review as long as possible,” concluded Szoka. “By keeping the agreement vague and emphasizing a new annual reassessment of U.S. law, the Commission can keep kicking the can down the road — and may try to moot legal challenges by trying to stay one step ahead of the slow-moving courts with a new reassessment before last year’s assessment can be fully litigated. In theory, this farce could go on for years. But it only takes a single data protection authority to say the Emperor has no clothes, and American companies will have to start crippling or shutting down their services in Europe. Only Congress can write a better ending to this drama — by enacting long-overdue surveillance reforms.”
We can be reached for comment at firstname.lastname@example.org. See our other statements on Safe Harbor: