Back to news and insights
Article

Privacy Shield and the effects of Trump's travel ban

April 10, 2017

The EU-US and Swiss-US Privacy Shield Frameworks ("Shield") were designed to replace the legacy Safe Harbor program that was quashed in October 2015. The new Shield framework is intended to ensure that the US provide adequate safeguards for personal information and that members would not be prosecuted for transferring data from the EU or Switzerland to the US.

Some rightly criticize that the program isn't comprehensive enough - especially in the context of civil and criminal investigations - as it suffers from some of the same issues of its predecessor, the obsolete Safe Harbor program, most notably in that members can simply 'self-certify' and any redress process for breaches is entirely untested and any supposed rights are based on vague words of comfort from one arm of the previous Obama US administration.

Even before Trump, EU officials decided that it was not good enough and a review of the program is scheduled for May of this year.

The question is, especially in a contentious legal context, is it prudent to rely on this - even more so given the potentially draconian consequences of the GDPR's (General Data Protection Regulation) revised EU Data Protection Regulation which goes into effect imminently and carries fines of up to 5% of revenue.

There are furthermore several factors which could threaten the viability of the Shield framework specifically in the current Trump administration. For example, the most recent Executive order, dated January 25 2017, which specifies "privacy policies exclude persons who are not United States citizens" should massively raise concern to anyone planning to travel to the US or to transfer data to the USA. It flies directly in the face of the Shield. We understand that increasingly US customs are asking for passwords for laptops and phones being brought into the USA so they can be copied. If refused, the IT assets will be confiscated and returned after several months.

Further, even US citizens are also at risk as demonstrated on January 30 2017, when a US born NASA scientist (who was also a member of the Global Entry program) and had high security clearance was detained at the US border by Customs officials until he unlocked his phone.

Companies and individuals should think very carefully about data management in the interim. We would argue for caution - and in fact any travelers to the US who are concerned about privileged and/or confidential information should travel with a blank laptop and/or ensure that confidential privileged documents are not on their person.

FRA's expertise

FRA are experts in data protection compliance with data centers throughout North America and Europe. We have supported our clients with investigation and litigation expertise on numerous complex cross-border matters while ensuring compliance with local data protection and data transfer laws. We also offer the FRA Mobile Solution and on-site hosting in order to ensure that data is hosted, processed, and reviewed in the appropriate jurisdiction. Our review platforms provide for in-country review to help ensure that only potentially relevant data leaves its jurisdiction, and does so in a compliant fashion.

Author: Greg Mason, FRA founding partner

Find out more

No items found.
Authors
Related expertise
Get in touch
No items found.
Article

Four positives from the EU’s pioneering law on artificial intelligence

February 15, 2024
Event

FRA International Senior Leaders Recognized in Who’s Who Legal Consulting Experts 2023

February 15, 2024
Article

How Can Data Support Your Sustainability Strategy?

February 15, 2024
News

Meet FRA Dubai

March 22, 2024