Happy Data Privacy Day.
Yes, today, the 28th January is the tenth annual data privacy day; an event intended to raise awareness of issues surrounding online privacy and the best practices that go with security your privacy and the security of your data whilst online.
Which makes it both sad and ironic that the big story of the day is the new US President stripping countless people of their rights to privacy.
Privacy struck down
Since taking office last week, Donald Trump has been signing off a string of Executive Orders; a legally binding order from the President of the USA to the countries Federal Agencies.
It has been reported that one of these orders includes a clause which removes the protections of the Privacy Act from all non-US citizens. The Executive Order in question, entitled ‘Enhancing Public Safety in the Interior of the United States’ includes section 14 which states that all US agencies shall “exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”
Obviously, this sweeping policy change will be deeply troubling to many people. There are now several million people resident in the USA who at the stroke of a pen are no longer protected the country’s privacy laws.
Privacy Shield invalidated?
But the change also seems likely to have a ripple effect on various international agreements too. Initial indications are that the EU-US Privacy Shield agreement could already be in jeopardy.
The Privacy Shield Agreement only came into force six months ago as a replacement for the Safe Harbour agreement which was struck down by the European Courts. It is intended to allow the personal data of EU citizens to be processed in the USA. It is an agreement which took many years to reach a consensus over, but first impressions suggest that Trump may have already invalidated it.
Jan Phillip Albrecht, a German MEP tweeted in response to the news saying “If this is true EU Commission has to immediately suspend Privacy Shield & sanction the US for breaking EU-US umbrella agreement.”
The precise ramifications of the policy change are not yet clear although a spokesperson for the European Commission has commented that they believe that Privacy Shield “does not rely on the protections under the U.S. Privacy Act”.
With its first annual review coming up this summer, there are likely to be urgent questions being asked about whether the data of EU citizens is being handled correctly in the USA in light of this change in US policy. It seems highly likely that legal challenges to Privacy Shield could well be forthcoming in the European Courts as well.
Whilst at present the European Commission seems to be happy or Privacy Shield to continue, they have spoken publically about a willingness to withdraw from the deal should the US no longer be able or willing to fulfill their side of the bargain.
At a Privacy Conference in Brussels last week, a representative said that “if adequacy is no longer guaranteed, we will have to suspend the Privacy Shield”
This would be hugely damaging and costly to many of the 1,500 businesses already signed up to the agreement, which includes some of the biggest names in the US tech sector, including Facebook, Twitter, Google, and Microsoft.
This is a story which is likely to run throughout 2017. Try to enjoy Data Privacy Day and spread the word about how to keep your online data secure. With Donald Trump in the White House, tools like VPNs are looking more and more indispensable to both people living in the US and beyond as well.