Worries Grow Over Data Privacy Framework Stability
A top European official said Thursday he received assurances in Washington that the United States is committed to preserving the legal framework underpinning commercial data flows across the Atlantic.
See Also: Mastering PIAs & DPIAs: A Complete Handbook for Privacy Experts
Michael McGrath, European Union Commissioner for Democracy and Justice, told a think tank Thursday he met the same day with Andrew Ferguson, head of the U.S. Federal Trade Commission, to discuss data privacy and consumer protection rights.
“He reassured me of his support for the DPF,” McGrath said during a webcast hosted by the Center for Strategic and International Studies. The DPF is the EU-US Trans-Atlantic Data Privacy Framework, adopted by Europe in 2023 after nearly two years of negotiations between Brussels and Washington.
“From our perspective, it is important that the safeguards are protected here on the U.S. side, that there’s a continued commitment to enforcement of the DPF, because that is that is fundamental to its successful operation and underpins trust within the framework, and so we’ll continue to assess ongoing developments,” McGrath said
Commercial data flows involving European residents and U.S. companies are subject to often brittle trans-national legal frameworks meant to shield Europeans from American intelligence agency bulk surveillance. The frameworks, which have been subject over the past decade to repeated successful legal challenges in Europe for not doing enough to protect privacy, permits U.S. companies operating in Europe to easily transfer and process data in the U.S.
The FTC is charged under the framework with policing American company self-certification of compliance with framework requirements, which are voluntary but important for businesses with European customers. A false assertion of compliance can result in an FTC order against further misrepresentation coupled with monetary fines for repeat violations. The agency did not respond to an inquiry about McGrath’s meeting with Ferguson.
The Data Privacy Framework already faces legal challenges in Europe, but fears of its durability compounded after the Trump administration in January ordered three Democratic members of the Privacy and Civil Liberties Oversight Board to step down. The board’s role in the framework agreement is to ensure that any European complaint about data misuse are addressed in a timely manner by the federal government. It is also meant to ensure the intelligence community abides by restraints placed on it during the Biden administration, restrictions intended to shield Europeans from online surveillance (see: President Biden to Sign Order for Trans-Atlantic Data Flows).
Departure of the three commissioners has left the board – it currently has one Republican member – without sufficient members to constitute a quorum. “The European Commission relies on executive guarantees, including the PCLOB to find that the U.S. is essentially equivalent,” Austrian rights group None of Your Business said on Jan. 23. “If the PCLOB is not operational, many other elements will gradually implode.”
McGrath’s swing through Washington is taking place as the Trump administration heated up a trade war with Europe after imposing 25% tariffs on steel and aluminum. The EU announced countermeasures including tariffs on American industrial and agricultural products including a 50% tariff on bourbon whiskey. U.S. President Donald Trump took to social media to call the bourbon tax “nasty” and threaten the imposition of a 200% tax on European alcohol exports including wine.
Trans-Atlantic investments and trade have created “deep and a mutually beneficial economic relations” McGrath said, adding that “trade wars and tit for tat tariffs only results in losers.”