Step one in repairing U.S.-EU relations: a data privacy deal

By Steven Overly and Mark Scott
·6 min read

U.S. and European officials are eager to start repairing transatlantic relations after four years of Trump-fueled tension. And according to digital trade experts, there’s one logical place to begin: digital privacy.

Specifically, the two sides need to revamp a now-defunct data protection agreement that’s critical to how global companies from Google to General Electric operate. The previous pact, the so-called U.S.-EU Privacy Shield, was struck down by Europe's highest court in July, which ruled that American privacy standards do not adequately protect EU data — everything from people’s social media search histories to companies’ payroll information.

That has created legal and regulatory headaches for firms that collectively conduct billions of dollars of transatlantic commerce. It could also make it harder for the U.S. and Europe to form an effective counterbalance against China’s rise as a technological superpower.

“It's an urgent matter because so much of our economy and the European economy relies on the ability to be able to transfer data seamlessly,” said Aaron Cooper, the vice president of global policy at BSA | The Software Alliance, a tech industry group.

The July decision by the Court of Justice of the European Union, the bloc’s highest court, marked the second time it has rejected data privacy agreements between the U.S. and Europe, finding they do not sufficiently protect European citizens from inappropriate snooping by the U.S. government, underscoring the disconnect between long-time allies regarding data privacy.

The court's ruling kicked off yet another round of talks between Washington and Brussels about how to align their approaches to privacy and revamp the Privacy Shield. But the two sides have been locked in negotiations over the past six months, and no deal is expected until late Spring, at the earliest.

Now it will fall to the Biden administration, which enters the White House in January, to figure out that complex set of priorities — both to uphold U.S. national security agencies’ ability to protect Americans and to appease disgruntled European officials.

“There is a real opportunity for the Biden team to score early wins by addressing the festering tech conflicts with the EU,” said Karen Kornbluh, director of the Digital Innovation and Democracy Initiative at the German Marshall Fund. “Clearly the devil is in the details and, specifically with Privacy Shield, a lot will depend on what the U.S. is able to do with regard to privacy.”

Pressure from businesses and privacy groups on both sides of the Atlantic may not be enough to get a deal done, according to a number of U.S. and European officials who spoke on the condition of anonymity because they were not authorized to speak publicly about the negotiations.

Europe laid out its case for greater transatlantic cooperation on Wednesday, including proposals to create an EU-U.S. Trade and Technology Council to promote regulatory coordination between both sides.

But there are logistical delays that come with a new White House team tagging into the talks, and some experts argue a lasting solution — one that could withstand a likely challenge in Europe’s courts — may require the U.S. Congress to update national security laws regarding the treatment of information belonging to foreign nationals.

Next week, the U.S. Senate will offer a glimpse of its own priorities.

The Senate Commerce Committee under Republican Chair Roger Wicker (Miss.) will convene top government officials and industry advocates to discuss the future of transatlantic trade without the Privacy Shield. Slated to appear are Republican Federal Trade Commissioner Noah Phillips and Commerce Department Deputy Assistant Secretary James Sullivan, who has managed Privacy Shield for the Trump administration.

The Trump administrations priorities, which are not expected to shift under Biden, are to offer greater assurances through presidential executive orders to outline how Washington protects the data of non-U.S. citizens, as well as how Europeans can use existing mechanisms in U.S. courts to challenge the handling of their digital information, according to two of the officials who spoke to POLITICO.

“There’s a pathway to uphold Privacy Shield without legislation,” said Brian Hengesbaugh, one of the U.S. architects of the now-defunct US-EU Safe Harbor agreement, the precursor to Privacy Shield that was itself invalidated in 2015.

“Executive orders could stand the test of time, or at least give us another five years," added Hengesbaugh, who is now head of the global data privacy and security team at at law firm Baker McKenzie.

Commerce Secretary Wilbur Ross, in a statement, said both sides have “continued to intensify their engagement in negotiations” since August. European officials also are eager to find a way through the impasse, though add it's in the U.S.'s court to offer potential solutions.

But given the European court's repeated rejection of U.S.-EU privacy agreements, there is growing speculation that the incoming Biden administration may need Congress to update national security laws to pass muster on the other side of the Atlantic — a political challenge for any government.

“Ultimately, I think this may take legislation to codify a lot of the protections that are in place,” said Cameron Kerry, a fellow at the Brookings Institution in Washington, D.C. and former general counsel in President Barack Obama’s Commerce Department.

“I can see ways to get to an administrative solution for Privacy Shield that could be done by executive order or other administrative solutions that could get to a deal if the political will is there to do it,” Kerry continued. “Whether that will satisfy the Court of Justice, I think, is open to question.”

However it gets done, Silicon Valley wants a fix.

Facebook is already in the throes of a legal battle with Ireland over alleged privacy violations linked to transatlantic data transfers. That case, which will be heard in a Dublin court in mid-December, could make other American firms vulnerable to similar lawsuits if Washington and Brussels don’t agree to a deal.

It may also stymie their ability to do business easily in an increasingly digital world. A range of simple professional and personal tasks depend on the easy transfer of data, from sending emails and videos to analyzing global customer data to detecting financial fraud.

Despite questions about the political will of U.S. policymakers, Cooper at BSA |The Software Alliance sees sufficient support among Democrats and Republicans to hammer out a deal that can enhance and salvage the Privacy Shield.

“This has been one of the few truly bipartisan issues that has spanned both of the last two administrations and so I expect that the Biden administration will be able to come in and pick up on some of the work that [the Trump administration] has been doing,” Cooper said.

For Max Schrems, the Austrian campaigner who brought the legal challenges that invalidated both Privacy Shield and its predecessor, the issues at stake go right to the heart of efforts to rebuild the transatlantic alliance.

“If democratic societies want to push back, collectively, against countries like China, then we have to respect each other’s rights,” he said. “I don’t know any friends who have told me that I don’t have any fundamental rights. That’s what the U.S. is trying to say to Europe.”