July 20, 2019

July 19, 2019

Subscribe to Latest Legal News and Analysis

July 18, 2019

Subscribe to Latest Legal News and Analysis

July 17, 2019

Subscribe to Latest Legal News and Analysis

European Commission Dismisses Privacy Shield Concerns Over Trump Executive Order

On January 25, 2017, President Trump signed a new Executive Order on Enhancing Public Safety in the Interior of the U.S.  Among other elements, the Executive Order directs U.S. government agencies to “ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information,” but only if doing so is “consistent with applicable law.”

This prompted certain commentators, such as Member of the European Parliament Jan-Philipp Albrecht, to question whether the Executive Order would have an impact on the robustness of the EU-U.S. Privacy Shield data transfer framework

The European Commission moved swiftly to confirm that the Privacy Shield does not rely on the U.S. Privacy Act of 1974 (“Privacy Act”).  Indeed, the Privacy Act is only necessary to protect EU residents when their data is sent directly to U.S. law enforcement agencies.  The Privacy Act applies to EU citizens pursuant to a U.S. law (the Judicial Redress Act) and the EU-U.S. Umbrella Agreement, neither of which are overridden by the new Executive Order.  And the EU has already been designated as a “covered country” under the Judicial Redress Act, thus extending Privacy Act protections to EU citizens.

The protections afforded under the Privacy Shield—which concerns transfers to U.S. companies, not law enforcement authorities—are based on a sweeping framework of domestic U.S. laws, international commitments, the Privacy Shield’s own Principles, and a European Commission Decision.  Thus, the EO does not alter the applicability of the Privacy Act to EU citizens—although it may exert additional political pressures on the Privacy Shield, which is already subject to challenge in EU courts.

© 2019 Covington & Burling LLP


About this Author

Philippe Bradley-Schmieg, Covington Burling, Data privacy and cybersecurity attorney

Philippe Bradley-Schmieg's practice covers a range of regulatory and commercial matters affecting the IT, internet media, e-health and telecoms sectors across the world.

Mr. Bradley-Schmieg advises on legislation, enforcement, advocacy and contracts relating to privacy, data protection, consumer protection, intermediary liability, copyright and databases, Big Data, medical confidentiality, cybersecurity, law enforcement data requests, and smart medical devices and apps.

David Bender, data privacy and cybersecurity attorney, Covington Burling

David Bender is an associate in the firm’s Washington office. He is a member of the Data Privacy and Cybersecurity and Communications and Media practice groups. Mr. Bender advises clients on a broad range of privacy and data security issues regarding the collection, use, and disclosure of information online.

202 662 5822