Brussels is back at work and buzzing with activity. We are only halfway into September and have already seen a new framework for the free flow of data in the EU, a cybersecurity package, including a new EU Cybersecurity Strategy, as well as the first annual review of the EU-U.S. Privacy Shield to maintain transatlantic data flows.
When it comes to deciding on how to govern the digital economy, prominence is certainly given to safeguarding cross-border data flows as a central feature of transnational trade. It is also critical for Europe. For a fully functioning Single Market in the digital era, data need to be shared across borders. Yet at present, data is restricted from moving freely partly by ongoing concerns over who will have access to it once outside national borders. That includes access by law enforcement authorities. The forthcoming e-evidence proposal, expected in early 2018, should bring more clarity on the specifics related to cross-border access to digital evidence.
“Transatlantic Data Flows” was also the subject of the conversation between Microsoft’s Vice-President of EU Government Affairs, John Frank, and Reuters EU Correspondent, Julia Fioretti, at DLD Europe 17 earlier this month, touching on many of the above topics and what companies and governments should do to ensure peoples’ trust and confidence.
For John Frank, the EU-U.S. Privacy Shield is a success: “Are we making progress? Are we affecting how American companies treat Europeans’ data? – Yes. There have been 2,468 entities that have signed up to the Privacy Shield so far, and it’s been in effect for 13 months now.” While ongoing court challenges do create some uncertainty, it’s clear that “because there’s a deadline, the Privacy Shield process is forcing the United States to keep moving along” and “we do need to create mechanisms so that the data can move.”
Making sure that data can move freely is one thing, the other is controlling who can access it. When it comes to cross border transfers of digital evidence, we must have adequate privacy protections and procedural safeguards. This is particularly relevant in Microsoft’s New York warrant case – a legal dispute with the United States government over the right to access data held in a datacenter in Dublin. We will learn in October if the U.S. Supreme Court will hear the case. According to John Frank it is “a piece in a long-term puzzle.” Ultimately the solution cannot be litigation but “a legal framework – recognized in international law – that creates the basis for governments to access data when they need to.” A solution to the transatlantic issues must be grounded in a common European approach. “It’s a lot easier to solve if we have an EU solution first,” said Frank and provided an example to illustrate his point: “If a French Court issues a search warrant for a French citizen and resident’s email account, even though the data is stored in Ireland, it might be easier if they can come directly to Microsoft, or whoever the email provider is”. “However, unlawful extraterritorial demands for data would be a mistake”, in Frank’s eyes.
Watch the full discussion between John Frank and Julia Fioretti here: