On January 25, 2017, President Trump signed a new Executive Order on Enhancing Public Safety in the Interior of the U.S.  Among other elements, the Executive Order directs U.S. government agencies to “ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information,” but only if doing so is “consistent with applicable law.”

This prompted certain commentators, such as Member of the European Parliament Jan-Philipp Albrecht, to question whether the Executive Order would have an impact on the robustness of the EU-U.S. Privacy Shield data transfer framework

The European Commission moved swiftly to confirm that the Privacy Shield does not rely on the U.S. Privacy Act of 1974 (“Privacy Act”).  Indeed, the Privacy Act is only necessary to protect EU residents when their data is sent directly to U.S. law enforcement agencies.  The Privacy Act applies to EU citizens pursuant to a U.S. law (the Judicial Redress Act) and the EU-U.S. Umbrella Agreement, neither of which are overridden by the new Executive Order.  And the EU has already been designated as a “covered country” under the Judicial Redress Act, thus extending Privacy Act protections to EU citizens.

The protections afforded under the Privacy Shield—which concerns transfers to U.S. companies, not law enforcement authorities—are based on a sweeping framework of domestic U.S. laws, international commitments, the Privacy Shield’s own Principles, and a European Commission Decision.  Thus, the EO does not alter the applicability of the Privacy Act to EU citizens—although it may exert additional political pressures on the Privacy Shield, which is already subject to challenge in EU courts.

Print:
EmailTweetLikeLinkedIn
Photo of Phil Bradley-Schmieg Phil Bradley-Schmieg

Philippe Bradley-Schmieg’s practice covers a range of commercial, regulatory and intellectual property matters affecting the IT, e-health, internet media and telecoms sectors, often with a multi-jurisdictional scope.  He advises on intellectual property, compliance and policy matters such as online consumer rights, liability for…

Philippe Bradley-Schmieg’s practice covers a range of commercial, regulatory and intellectual property matters affecting the IT, e-health, internet media and telecoms sectors, often with a multi-jurisdictional scope.  He advises on intellectual property, compliance and policy matters such as online consumer rights, liability for third party content, patent, copyright and database right licensing, privacy and data protection, medical confidentiality, cybersecurity, data breach responses, and law enforcement data disclosure.  Mr. Bradley-Schmieg advises on UK, EU and international law, and has worked in London and Brussels.

Photo of David Bender David Bender

David Bender is an associate in the firm’s Washington, DC office and a member of the Data Privacy and Cybersecurity practice group.