Assessing trans-Atlantic data protections one year after Privacy Shield

German, U.S. and EU flags fly in front of the Reichstag building ahead of the meeting between U.S. President Obama and German Chancellor Merkel in Berlin

As the world becomes more digitally interconnected, protecting personal data as it travels across borders becomes increasingly important. On July 19, the Center for Technology Innovation at the Brookings Institution hosted Jan Philipp Albrecht, a member of the European Parliament and rapporteur for data protection, to discuss trans-Atlantic data flows and privacy protections with CTI visiting fellow Cameron F. Kerry. These issues are central to the upcoming first annual review of the trans-Atlantic Privacy Shield framework in the EU and the reauthorization of Section 702 of the Foreign Intelligence Surveillance Act (FISA) in the U.S.

The discussion affirmed the need for a data privacy standard not just between the European Union and the U.S., but also across the globe. Albrecht was ambitious for the EU to set a global example with data privacy standards, but also said a global standard must reconcile national governments’ different perspectives on data privacy and their associated regulations. In addition to recognizing a fundamental right to data privacy, trade agreements should be used to ensure the free flow of information.

Listen to event audio:

Regarding surveillance, Albrecht said that broad collection of should be replaced by targeted access of specific data, and implementing a necessity test for collected data would limit broad collection practices. He acknowledged a “double standard” with the adoption of laws in France, Germany, the Netherlands, and the UK that allow broad surveillance. Albrecht also emphasized the role that the private sector can play in protecting customers’ data by introducing end-to-end encryption that prevent third parties from accessing sensitive information. This “privacy by design” approach ensures that governments do not indiscriminately collect personal data for surveillance.

For Privacy Shield, Albrecht said that the annual review will help both the U.S. and EU assess the program’s effectiveness in protecting data. He saw Privacy Shield as a necessary compromise, but sees potential tension between it and standards set by the European Court of Justice. Albrecht expressed the hope that the review and strengthening of the framework can lead to common standards for personal data privacy in the U.S. and EU, and to a global standard based on current policies and regulations.

Brian Schwartz and Jeffrey Wirjo contributed to this blog post.