EU-US Privacy Shield from the US Perspective

DOTMAGAZINE: David, how would you define the cultural (business/civil society) understanding of the purpose, value, and pros & cons of data protection and privacy legislation in the EU/USA?

DAVID SNEAD: There is a deep understanding of both the need for, and implications of, privacy legislation in the US. Right now there is more movement on this issue at the legislative and regulatory level than I’ve ever seen. I believe that there is a consensus now that there needs to be some legislative or regulatory action on privacy. 

SNEAD: The US legislative and regulatory systems tend to be more reactive than proactive. In addition, resolution of many issues takes place first at the state level. As a result, the process of addressing issues tends to be more gradual, conservative, and subject to exhaustive debate. 

DOT: Which authorities are involved in governing the Privacy Shield agreement at your end?

SNEAD: Privacy Shield is administered by the US Department of Commerce. The Federal Trade Commission has enforcement authority. The Ombudsperson is in the US Department of State.

DOT: Are your government authorities themselves bound by privacy law?

SNEAD: There are a number of laws that address governmental privacy. These laws are generally different to those that govern businesses.

DOT: What structures/positions/processes still need to be established for Privacy Shield to be effective in the long term?

SNEAD: A good foundation has been laid for the continued effectiveness of Privacy Shield. In particular, the US government has shown that it is responsive to EU concerns about the implementation and operation of Privacy Shield.

DOT: What were the key takeaways from the Transatlantic Dialogues organized by eco and the i2Coalition? What can the two associations now do to guide the development of a stable and long-term privacy agreement?

SNEAD: My primary takeaway was that there is a great deal of interest in facilitating transatlantic data-flows among EU legislators. This was unexpected since I often hear that EU legislators are not interested in facilitating US/ EU data flows. I was also happy that there was a realization among the attendees about the differences between access to data by businesses and that of governments. I think that the i2Coalition and eco can strengthen Privacy Shield by emphasizing this point.

DOT: What are your hopes and expectations for the third roundtable in Washington D.C.?

SNEAD: I hope to have the same level of interaction and engagement in the third roundtable. I also expect that there will be significant interest in understanding how Privacy Shield is perceived by the EU, and EU businesses, and how it interacts with the General Data Protection Regulation (GDPR). I suspect that there will be significant interest in discussing the impact of the GDPR on the US and whether both the GDPR and Privacy Shield are workable legislative examples for the US.

David Snead is the General Counsel for cPanel. He is responsible for cPanel’s global legal operations and is a member of the company’s management team. David has provided advice and counsel to technology companies since 1995, beginning with a practice based on technology exports. Since 1999, his practice has focused exclusively on the Internet infrastructure industry. In 2011 he co-founded the Internet Infrastructure Coalition (i2Coalition), an advocacy organization for the Internet infrastructure industry. One of the earliest opponents of the Stop Online Piracy Act, the i2Coalition has developed into a voice for a previously unrepresented industry. He manages the group’s global public policy portfolio. David received his J.D. in 1991 from Georgetown University Law Center and his B.A. in 1987 in International Affairs from Trinity University in San Antonio. He is a member of the bars of the District of Columbia and State of New Mexico.