The acting head of the US Federal Trade Commission, Maureen Ohlhausen, has sought to assure people that the critical Privacy Shield data-sharing agreement will hold up despite President Trump's recent executive orders on immigration.
Ohlhausen told reporters this week that the transatlantic agreement was unaffected by the president's controversial decision and that the FTC "will continue to enforce the Privacy Shield protections, and we hope we will move ahead as planned."
"In my opinion, nothing has changed," she said, according to a report from Morning Consult.
That succinct view reflects a lengthier analysis published by her former FTC colleague Julie Brill, who argued that the executive order did not impact the core elements of what makes the Privacy Shield agreement work.
So everything's fine? Nope.
Just as with Brill, Ohlhausen included a significant caveat when she noted "we hope we will move ahead as planned."
Brill noted: "It will be important to pay attention to European officials' reactions ... It will also be important to watch how the EO may impact the Attorney General's designations of countries covered under the Judicial Redress Act."
In truth, there are three significant risks to the Privacy Shield agreement:
- Attorney General Jeff Sessions: Sessions can, if the mood takes him, remove countries from the list of designated countries on the Judicial Redress Act. This would immediately undermine the ability of those countries' citizens to use US courts if they felt their data was being mishandled – a cornerstone of the new agreement. There's no good reason for him to do so, but then the Trump Administration continues to make decisions based on ideology rather than rational analysis.
- The Schrems/Facebook court case in Ireland: This court case is what kicked the whole thing off when Max Schrems sued Facebook over its data sharing, and the European Court of Justice decided the Safe Harbor agreement covering transatlantic data flows was illegal. That court case is still going and could make a number of determinations that could undermine the "new" Privacy Shield agreement if it feels it doesn't adequately protect consumers.
- The Article 29 Working Party: This important group of Europe's data protection authorities was already unhappy with Privacy Shield, but decided to forego a formal opposition and adopt a wait-and-see approach when it was drawn up last year. It will have its first annual review in July this year, during which it plans to "not only assess if the remaining issues have been solved, but also if the safeguards provided under the EU-US Privacy Shield are workable and effective." And if they're not, it could blow up the whole deal.
Of course, there will be massive pressure not to tear up a new agreement that is so important to transatlantic trade. But with President Trump continuing to rile Europe in a dozen different ways, it is all too possible that the EU decides to use the Privacy Shield as a diplomatic hammer – especially since it will be US companies that are disproportionately affected. ®