Two stories jump out this week. One concerns the Internet’s coordinating mechanism, the other the pact that enables European data to be sent to the United States. Seemingly discrete, at a deeper level they are organically connected. The underlying issue is whether challenges to U.S. power over the system of international communications will intensify – or be shunted aside.
We have written before about the “Safe Harbor” agreement, which had governed data- transfers between Europe and the U.S. and which was struck down by the European Court of Justice three months ago because it did not offer sufficient guarantees that Europeans’ personal data were protected from eavesdropping by U.S. intelligence agencies. Would a new pact be devised, incorporating Europeans’ demands to strengthen privacy protections? What kinds of guarantees would be supplied?
An answer is now at hand. Although the prescribed negotiating deadline passed without agreement, two days late a deal was announced.[1] The US firms escaped the obligation to store their data in European lands; while, a new “EU-US Privacy Shield,” the European Commission declared, “will provide stronger obligations on companies in the U.S. to protect the personal data of Europeans.” U.S. companies wishing to import personal data from Europe “will need to commit to robust obligations on how personal data is processed and individual rights are guaranteed.” The U.S. Department of Commerce will monitor that companies publish their commitments, which makes them enforceable under U.S. law by the US Federal Trade Commission. In addition, “any company handling human resources data from Europe has to commit to comply with decisions by European Data Protection Administrations.” E.U. citizens will have access to an ombudsman located in the United States. And, “for the first time, the US has given the EU written assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms. These exceptions must be used only to the extent necessary and proportionate. The U.S. has ruled out indiscriminate mass surveillance on the personal data transferred to the US under the new arrangement.”[2]
We will need to see during the months ahead just what level of protection the “Privacy Shield” actually offers. What’s interesting, though, is that considerable effort needed to be expended to reach even such a seemingly minimal agreement as this. Intense negotiations were conducted at the World Economic Forum in Davos, involving both governmental functionaries and trade groups. Satya Nadella, the CEO of Microsoft, editorialized that the Safe Harbor agreement – with its guarantee that corporations may transmit personal data from jurisdiction to jurisdiction – must be supplemented with “additional agreements, that enable privacy rights to follow data around the world.”[3] Google, by appointing as head of its global policy unit a onetime Obama Administration negotiator known for her calm, conciliatory style, reportedly was “burying its confrontational stance” in favor of more moderate international diplomacy.[4] Facebook publicized a report that it had commissioned, to emphasize disingenuously that the U.S. had actually become more “privacy friendly” than Europe.[5] Transatlantic data flows are simply too important to be left to the lower echelons.
Still, the data-hogging transnationals are not yet in the clear. Europe’s national privacy regulators are slated to release their own decision tomorrow, February 3d, on how data should be moved between the two regions. And a clamor that the EC had sold out 500 million Europeans is already audible. It is possible that some nations’ data protection authorities will prove more vigilant than their colleagues in the Commission. Thousands of U.S. companies, rooted in every sector, will be watching – eagle-eyed, we might say. No matter which way tomorrow’s decision goes, transborder data flows will still continue to constitute a crucial point of vulnerability for corporate capital.
Meanwhile, the Internet Corporation for Assigned Names and Numbers (ICANN) continues its supposed transition (again discussed previously) from U.S. state dominance to multi-stakeholder control. So far, Washington has finessed this fraught issue. Again, however, we are arriving at a critical juncture. Next September, the existing legal agreement that binds ICANN’s management of the global Internet’s crucial technical and operational functions to the U.S. Commerce Department is slated to expire. What will replace it? Will a new legal instrument carry forward the same unilateral features that have existed until now? Will a rightwing U.S. Congress – which must agree on the proposal for ICANN, whatever it is – block an attempt to alter these arrangements? What is U.S. capital’s preference concerning this transition?
Again, the issue is structural. It is widely understood, as Financial Times journalist Gillian Tett has commented, that the U.S. needs somehow to deflect or pacify “the anger that European and Asian governments feel about U.S. internet policy.”[6] (She might have added that governments in Latin America and Africa also often share these sentiments, no matter how careful they must be to avoid voicing them forthrightly.) As Fadi Chehade, the current CEO of ICANN, explains, “The status quo is just not sustainable.”[7] An early and admittedly inconclusive test of the direction of U.S. policy may come soon, after Chehade steps down: will ICANN’s new CEO also be an American, or will a non-American be chosen?
2016 bids fair to be another year of crisis-management for U.S. government and corporate leaders. Whether they will succeed at preserving U.S. dominance over international communications is an increasingly open question.
[1] Mark Scott, “U.S. and Europe Fail to Meet Deadline for Data Transfer Deal,” New York Times, February 1, 2016; Duncan Robinson, “EU and US Reach Deal on Transatlantic Data Sharing,” Financial Times, February 2, 2016.
[2] European Commission Press Release, “EU Commission and the United States Agree on New Framework for TransAtlantic Data Flows: EU-US Privacy Shield,” February 2, 2016.
[3] Satya Nadella, “We Cannot Afford Another Digital Divide,” Financial Times, January 20, 2016.
[4] Richard Waters, “Google hires US conciliator for lobbying role,” Financial Times, January 12, 2016.
[5] Hannah Kuchler and Duncan Robinson, “US More Privacy Friendly Than EU, Says Facebook Lawyer over ‘Safe Harbour,’” Financial Times, January 26, 2016.
[6] Gillian Tett, “Why Icann and internet governance are no longer America’s domain,” Financial Time, January 28, 2016..
[7] Ibid.