European Union data privacy watchdogs will seek assurances from US authorities that a move by US President Donald Trump to crack down on illegal immigration will not undermine a transatlantic pact protecting the privacy of Europeans’ data.
European concerns have been raised by an executive order signed by Trump on Jan. 25 aiming to toughen enforcement of US immigration law.
The order directs US agencies to “exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”
The exemption of foreigners from the US law governing how federal agencies collect and use information about people has stoked worries across the Atlantic about the new administration’s approach to privacy and its impact on cross-border data flows.
Officials responsible for protecting the privacy of data in the 28 European Union countries are particularly concerned about any impact Trump’s order may have on a framework hammered out last year to enable companies to seamlessly transfer Europeans’ data across the Atlantic.
The EU’s data protection authorities said they would write to US authorities “pointing out concerns and asking for clarifications on the possible impact of the Executive Order” on that framework, known as the Privacy Shield, as well as on another agreement protecting law enforcement data shared between the United States and the EU.
The EU-US Privacy Shield is used by almost 2,000 companies including Google, Facebook and Microsoft to store data about EU citizens on US servers and makes possible about €243 billion of trade in digital services.
It replaced a previous system thrown out by the top EU court on the grounds it allowed U.S. spies unfettered access to data stored on U.S. servers.
The European Commission – which negotiated the Privacy Shield on behalf of the EU – played down concerns over any threat to the privacy of Europeans’ data, saying the US Privacy Act had never protected Europeans’ data and so any changes to it would not affect EU-US data transfer agreements.
The US side also sought to quell anxieties.
“The executive order also does not affect Privacy Shield because Privacy Shield protections are not dependent on the Privacy Act,” said the US Mission to the EU.
However the concerns reflect a broader fear about how the Trump administration will deal with privacy issues.
Aaron Tantleff, a partner at law firm Foley & Lardner LLP, said that while Trump’s executive order should have no direct impact on the Privacy Shield, it would increase unease among companies.
“It doesn’t mean that everything goes back to normal, it means that there’s a new wrinkle that has been brought out.”