Trump signs 'no privacy for non-Americans' order – what does that mean for rest of us?

Europe's Privacy Shield shaken by US prez

By Kieren McCarthy in San Francisco


Analysis US President Donald Trump may have undermined a critical data sharing agreement between the United States and Europe that internet giants rely on to do business overseas.

In an executive order focused on illegal immigrants that was signed by the president this week, one section specifically noted that privacy protections would not be extended past US citizens or permanent residents in America.

Section 14 of the Enhancing Public Safety order reads:

Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.

By agencies, the president means the NSA, the FBI, and so on. The order's language appears to directly contradict a critical component of the new Privacy Shield agreement between the US and Europe that provides essential legal protections for US businesses sending and receiving data across the Atlantic. In short, that agreement is supposed to ensure non-Americans are not treated as second-class citizens by US organizations, with weaker privacy safeguards than Americans are afforded.

The Privacy Shield was developed and approved in record time last year after the previous Safe Harbor arrangement was deemed illegal by Europe's top court back in October 2015. It has only been in place for six months, it is still on probation as far as Europe's data protection authorities are concerned, and it is almost certain to be challenged in the courts.

The language in the executive order leads to immediate concerns in Europe, with the European Parliament's rapporteur on data protection, Jan Philipp Albrecht, tweeting: "If this is true @EU_Commission has to immediately suspend #PrivacyShield & sanction the US for breaking EU-US umbrella agreement."


A few hours later, a frantic European Commission put out a statement in an effort to calm the waters. "We are aware of the executive order on public safety," noted the statement. "The US Privacy Act has never offered data protection rights to Europeans."

It then goes on to flag two pieces of new legislation that it believes made the new Privacy Shield legal under European law: "The Commission negotiated two additional instruments to ensure that EU citizens' data is duly protected when transferred to the US:

In addition to the Judicial Redress Act – which was signed into law by President Obama late last year – privacy experts have also spotted a notice that was signed by the outgoing Attorney General just three days before Donald Trump became president and only appeared in the Federal Register three days after the inauguration.

That notice lists 26 countries – in addition to the European Union as a whole – as being "covered countries" that benefit from the "extension of certain Privacy Act remedies." That decision is due to become law on February 1 – the same day as the new US-EU Data Protection and Privacy Agreement.

The combination of the EU's official statement and the discovery of the Justice Department note has led privacy experts to focus on the critical sub-clause in Trump's executive order: that "agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons..." (our emphasis).

In theory, therefore – with the Judicial Redress Act law, the attorney general's designations due to become law in less than a week, and the executive order including a clear carve-out for existing law – the situation should be that the Privacy Shield agreement holds. The executive order would then only apply to countries outside the European Union – although Canada and Mexico are notably absent, which may have its own political repercussions.

But the Trump Administration has been nothing if not erratic and has repeatedly shown it is willing to tear up existing agreements and protocols. Many are wondering why Trump's team felt the need to include the section at all, especially given the fact that it serves no real purpose. As a result, the European Union's statement concludes with some significant degree of uncertainty:

"We will continue to monitor the implementation of both instruments and are following closely any changes in the US that might have an effect on Europeans' data protection rights," it ends.


It is with some degree of irony that Facebook – which was at the center of the legal case that resulted in the previous Safe Harbor agreement being found illegal – chose today to release its new "Privacy Basics" approach to data privacy, and two-factor authentication for security.

"Today we're introducing a new Privacy Basics to make it easier for people to find tools for controlling their information on Facebook," the company boasted. Facebook has long been criticized for its opaque and confusing policies over what level of control it grants users of the service.

While the company claims to have simplified things (again), it is notable that there are no fewer than 32 "interactive guides" to help Facebook users figure out how the company is trying to sell people's data as much as possible while giving them the sense that their data is not being abused.

And in a second irony, in two days – January 28 – it will be the official annual Data Protection Day in Europe. President Trump has certainly given privacy advocates, government officials, and just about every major online corporation something to discuss. ®

PS: Lawfare's Adam Klein and Carrie Cordero reckon the executive order "does not actually deny Privacy Act protections to Europeans," however "even the suggestion that the administration is cutting back privacy protections for Europeans could be damaging in the ongoing litigation over Privacy Shield’s validity."

Sign up to our NewsletterGet IT in your inbox daily


Keep Reading

One man is standing up to Donald Trump's ban on US chip tech going to Huawei. That man... is Donald Trump

President slams his own administration's 'ridiculous' China crackdown

Jeff Bezos: I will depose King Trump

In today's episode of Absolutely Never Happening, Amazon wants the President to testify whether or not he personally ordered AWS JEDI snub

Assange lawyer: Trump offered WikiLeaker a pardon in exchange for denying Russia hacked Democrats' email

America wanted a cover-up of Kremlin ties to DNC intrusion, court told

Chinese chip giant calls on US tech to help out with Trump tariffs – not a quid pro quo, obviously

Tsinghua Unigroup chairman says American firms could do more to ease trade tensions

Among those pardoned by Trump this week: Software maker ex-CEO who admitted hacking into rivals' systems

There's always a tech angle

Stiff upper lip time, Brits: After bullying France to drop its digital tax on Silicon Valley, Trump's coming for you next

Macron suspends cyber levy plan after The Donald has a quiet word

Oracle staff say Larry Ellison's fundraiser for Trump is against 'company ethics' – Oracle, ethics... what dimension have we fallen into?

Ah, bless

Confused why Trump fingered CrowdStrike in that Ukraine call? You're not the only one...

Security biz that probed 2016 DNC hack makes an odd cameo in revealed transcript

One man went to mow a meadow, hoping Trump would spot giant grass snake under flightpath

Childish prank for childish visitor

Trump: Huawei ban will be lifted!
US Commerce Dept.: Yeah, about that…

It's not a two Huawei street just yet, says top brass

Tech Resources

Delivering Instant Experiences: Optimizing the Performance, Cost and Capacity of Data-Driven Applications

How can you accelerate data processing to keep up with accelerating business demands for an instant experience? Get the answer to this question and more in this webinar.

Hassle-Free Banking: Transforming Digital Customer Services

In this session, hear how they transformed their digital customer services in only a few months, with a brand new onboarding journey and award-winning mobile app, leading to a 30% increase in account openings as well as reducing their need for call center staff intervention.

Accelerate and Modernize Your SQL Server Deployments

Learn how Intel® Select Solutions for SQL Server are designed to enable simplified deployments and optimized performance for SQL Server environments.

The Rise of Machine Learning (ML) in Cybersecurity

While many are guarding the front door with yesterday’s signature-based AV solutions, today’s malware walks out the back door with all their data.