With a stroke of his pen, the president just potentially invalidated a transcontinental data flow agreement between the US and EU which took years to negotiate.
The US-EU Data Shield agreement is an authorization framework which enables companies to transfer the personal data of Europeans to the US while ensuring that the companies operate within compliance of Europe's more stringent privacy laws. It effectively ensured that a European's personal data -- that is, any personal data originating from the EU, not just that of EU citizens -- would be protected to the standards that the EU demands whether the data is sitting on a server in Paris, France or Paris, Texas.
More than 1,500 companies including Apple, Google and Microsoft had agreed to abide by the Data Shield agreement, which requires the US Department of Commerce to ensure that American companies are operating in compliance. It took the place of the earlier Safe Harbor agreement, which the European Court of Justice ruled ineffective and invalid after the Snowden leaks came to light in 2013.
This agreement -- as well as the legal ability for US companies to serve European customers -- in now in very real danger of unravelling. And it's all thanks to an Executive Order that Trump signed earlier this week. Specifically, it's Section 14, which reads:
Privacy Act. Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.
Enforcing privacy policies that specifically "exclude persons who are not United States citizens or lawful permanent residents," while aimed at enhancing domestic immigration laws, effectively invalidates America's part of the Data Shield agreement, opens the current administration up to sanctions by the EU and could lead our allies across the Atlantic to suspend the agreement outright.
.@EU_Commission : If adequacy is no longer guaranteed, we will have to suspend the #PrivacyShield #cpdp2017
— Laura Kayali (@LauKaya) January 25, 2017
If that happens, things are going to get really uncomfortable for US companies trying to do digital business in the EU. Without that authorization framework in place, these companies will be forced to operate in a legal grey zone making it far more difficult for them to serve their European clients.
Source : Engaget
