On January 25, 2017, the US President, Donald Trump issued an Executive Order titled “Enhancing Public Safety in the Interior of the United States“.
Many organisations are concerned about the impact of the Executive Order on the Privacy Shield.
Section 14 of the Order states that:
“Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”
This Executive Order means that only US citizens or permanent residents are protected by the Privacy Act. This has caused international concern over whether the Order affects the Privacy Shield. Many organisations are concerned about the impact of the Executive Order on the Privacy Shield and how may affect them. The general consensus is that it does not affect the Privacy Shield, however, the European Commission has not released an official statement as of 1 February 2017.
What is the impact of the Executive Order on the Privacy Shield?
The Executive Order affects rights that are found in the Privacy Act. The Privacy Shield derives its power from various pieces of legislation, including both national and international laws and diplomatic agreements, so it is not affected by the Executive Order.
In February 2016, the United States passed the Judicial Redress Act. This extended the Privacy Act protections to citizens of ‘covered countries’ and eventually led to the signing of the Umbrella Agreement. The now former US Attorney General designated ‘covered countries’ as all EU Member states (apart from Denmark and the United Kingdom which are expected to be included in the definition soon). The Privacy Act focuses on protecting personal data when it is sent to law enforcements agencies. It is therefore only necessary to protect EU residents when their data is sent directly to U.S. law enforcement agencies. Further, the designation by the Attorney General is not subject to judicial or administrative review.
What does this mean?
The end result is at the moment the impact of the Executive Order on the Privacy Shield is not in question and the Privacy Shield principles are still valid.