ABA joined a broad coalition of advocacy organizations representing a range of industries in a letter to the Departments of Justice, Commerce and State and the Office of the Director of National Intelligence yesterday requesting that they convey to European regulators that “U.S. companies cannot be expected to explain U.S. government surveillance practices as they defend their use of [standard contractual clauses] for commercial [data transfers].”
The letter came after an Irish regulator “reportedly proposed to ‘suspend’ all transfers of Facebook user data to the U.S. indefinitely, finding that the company can no longer rely on Standard Contractual Clauses approved by the European Commission for enabling flows of personal information across the Atlantic.” In doing so, the Irish data protection commissioner relied on a European court decision from earlier this summer that invalidated the U.S-EU Privacy Shield Agreement—a decision that could threaten transatlantic data flows.
As the administration works to negotiate a successor to the Privacy Shield Agreement, the groups urged administration officials to “request European regulators refrain from enforcement actions until further guidance on SCCs is provided by the European Data Protection Board.” They added that “businesses acting in good faith to protect the privacy of EU citizens should not bear risks stemming from the court’s lack of clarity, including the risk of becoming subject to enforcement actions by individual data protection authorities.”
