The Privacy Shield is an agreement between the United States and European Union to enable companies on both sides of the Atlantic to store and retrieve data on citizens on either side, almost as though it were one political territory.
However, in his bid to rid the US of undesirable immigrants, President Donald Trump has issued an order which apparently permits the National Security Agency and other intelligence organisations to legally spy on data belonging to citizens and business which are not in the US – despite safeguards in the Privacy Shield.
Trump’s decision is of course a political one, and is officially called the “Executive Order on Public Safety”. Its intended objective is to clamp down on illegal immigration and crimes relating to non-US citizens. But its inadvertent impact could be that all data on EU citizens and companies would be made available to the NSA and others which are on the list of approved intelligence organisations.
To be fair to Trump, some of these decisions were made by previous US President Barack Obama.
At best this is a conflict of interests between the US’ aim of keeping its citizens safe and EU directives which are designed to do something similar by keeping its citizens’ and organisations’ data secure.
Partly because of the US’ attitude towards foreigners’ data, the EU introduced laws which required companies which held data on EU citizens to store that data within the EU.
This is one of the reasons why companies such as the Zoho Corporation have built new data centres in the EU region.
As Zoho’s director of product management, Rajesh Ganeshan, told Enterprise Management 360º, “Our European customers were directly telling us that as long as we had our data centres in the US, it would make life hard for them.”
US intelligence agencies have long had the power to snoop on non-US individuals and organisations, but now with the further backing of Trump, even the US-EU Privacy Shield is not enough to persuade companies that storing information at data centres at either territory is enough – it looks like companies may need to have separate facilities at both.
“Because of new initiatives such as the US-EU Privacy Shield and other measures, things have been changing quite a bit for data being hosted in the US for EU customers,” says Ganesan. “So we took the decision to invest in our own data centres in Europe.”
Writing on the Human Rights Watch website, Cynthia Wong says the privacy and other rights of European internet users are certainly at risk when companies transfer their data to the US, and things are deteriorating.
“Since Trump’s inauguration, the situation has worsened,” writes Wong. “The new administration’s steps on immigration removed Privacy Act protections for non-US persons, which Europeans have relied on if US agencies misuse their data.”