A US magistrate ruled against Google and ordered it to cooperate with FBI search warrants demanding access to user emails and president Donald (Prince of Orange) Trump issued an Executive Order that weakened protections for data held in the US about foreign citizens.
She said that at the time of Trump’s recent executive order, US firms were quick to dismiss privacy concerns and the implied threat to Privacy Shield as a ‘complete over-reaction.’
With the US Department of Justice appealing the Microsoft case, the Rule 41 amendments coming into force, Trump’s initial executive order with who knows how many more to come, and now the ruling against Google, there will be fresh concerns in Brussels, and European privacy campaigners are going to be up in arms.
“The last remaining foundation for Privacy Shield was the 1974 US Privacy Act (written well before email existed, in which time Europe has rewritten its privacy rules three times). Not only is this act out of date, but it is patchy and deficient at best. It now appears under assault.
Even if we could be confident that the new administration and US courts were committed to upholding European privacy rights, and could be certain that there would be no further orders or rulings like these, what we have seen so far suggests that the US is deeply divided and there can be no certainty.”
“Public sector bodies with contracts with US cloud firms need to make an immediate Privacy Impact Assessment, and if necessary, seek expert legal advice. They may need to scope out migration options to move workloads so data privacy and sovereignty can be assured.
British Prime Minister’s new industrial strategy which actively favours UK firms for government contracts and procurement for growth in the post-Brexit world, departments are going to need to weigh up the risks (in terms of data privacy and sovereignty and currency fluctuations) of doing business with non-UK providers.”