Transatlantic data transfers: Will the EU and Biden find a common ground?
In July 2020, the EU Court of Justice ruled that the EU-US Privacy Shield did not offer adequate protection for data of EU citizens when shipped overseas because of the intrusive nature of the US surveillance laws, writes GLOBSEC Policy Institute Tech Researcher Zuzana Pisoň.
The verdict heavily affected the $7.1 trillion data transfer relationship between the US and the EU. The ruling touched more than 5,300 companies whose business models were based on data transfer from the EU, including tech giants Google, Facebook, Amazon, and Twitter. These now have to seek other legal instruments that will allow them to maintain the transatlantic data flows. The alternative measures include the Standard Contractual Clauses, and other instruments recommended by the European Data Protection Board.
And while the talks about a new data-protection framework started right after the Court’s decision in August 2020, it is already clear that there will be no quick fixes. The data privacy disputes delineate fundamental divisions on the topic between the US and the EU, and therefore the question arises – are there any solutions realistic enough to bridge the gap between the two economies on transatlantic data flows?
The good news is that the data protection agenda has been declared one of Biden’ s priorities. Right on the first day of his administration, Biden selected a privacy veteran for the key post overseeing negotiations for a replacement Privacy Shield. Christopher Hoff, who will serve as deputy assistant secretary for services at the U.S. Department of Commerce, began his tenure on inauguration day. Such early appointments are still not the norm – under the Trump administration, which saw delays in many appointments, Hoff’s current position was not occupied for approximately six months.
US domestic privacy overhaul
However, a new data transfer agreement will have to emerge out of a historically delicate context. In 2015, Privacy Shield’s predecessor, the Safe Harbor agreement, was also declared invalid on similar grounds of privacy rights being put in jeopardy by US surveillance authorities.
European commissioners said last fall that no replacement would be possible without reform of US surveillance law. Such a radical step could take years to accomplish — unless there’s a major effort among US companies to lobby their own government to make the necessary changes. However, if a surveillance law reform were going to take place, one of the key issues would be to expand possibilities for individual compensation. To make personal data protection guarantees in the US truly fully-fledged, a reform should also include adopting the broadly discussed federal privacy law.
Transatlantic digital trade deal
Alongside the domestic legal reform in the US, starting a new chapter post-Privacy Shield shutdown will require a new digital trade deal with the EU setting a firm legal foundation for unrestricted transatlantic data flows.
Brussels has already expressed its willingness to collaborate on tech issues with the new Biden administration, including the creation of a so-called EU-US Trade and Technology Council to coordinate joint positions and boost transatlantic trade.
As suggested by Council on Foreign Relations, a core provision in such a digital trade deal should allow governments to impose restrictions on data transfer based on their privacy laws. However, these should not be arbitrary, or act as disguised restrictions on trade, and should be tailored to achieve a public policy objective. Breaches of the rules would be addressed through a formal dispute settlement system.
At the same time, the US should promote cooperation with other democratic allies at a multilateral forum, such as the OECD, to develop a shared legal framework for government access to personal data.
Economy vs politics
While data transfers are at the heart of the transatlantic economy, they have long been plagued by Europe’s doubts about privacy protections in the US. As mentioned earlier, there are reasonable technical solutions available for setting up a new framework for regulating transatlantic data flows. However, the battle between the privacy rights of EU citizens and the US national security policy is not a technical issue, but a deeply political one. The US could claim that EU cannot dictate the US domestic and foreign policy. On the other hand, the EU is unlikely to sacrifice privacy rights enshrined in its Charter of Fundamental Rights
However, with digital business being one of the fastest-growing areas internationally, the economic stakes might prove just as important than the political ones. One thing that is already certain now is that finding a common ground between the two allies will be a long-term effort, both with regards to reaching an international trade deal and the US domestic legal revamp. The rapid growth of the digital economy might be a decisive factor in speeding up the process.