U.S. Sen. Roger Wicker, R-Miss., chairman of the Committee on Commerce, Science, and Transportation, will convene a hearing titled, “The Invalidation of the EU-US Privacy Shield and the Future of Transatlantic Data Flows,” at 10:00 a.m. on Wednesday, December 9. The hearing will explore policy issues that led to the European Court of Justice’s (ECJ) invalidation of the EU-US Privacy Shield Framework, one of the key mechanisms for allowing the transfer of personal data from the European Union to the United States. The hearing will also examine the impact of the ECJ’s decision on U.S. businesses engaging in transatlantic digital commerce and what steps the U.S. Government is taking to develop a successor data transfer framework with the Europeans.
- The Honorable Noah Phillips, Commissioner, Federal Trade Commission
- Ms. Victoria Espinel, President and Chief Executive Officer, BSA – The Software Alliance
- Mr. Neil Richards, Koch Distinguished Professor in Law, Washington University School of Law
- Mr. James Sullivan, Deputy Assistant Secretary for Services, International Trade Administration, U.S. Department of Commerce
- Mr. Peter Swire, Elizabeth and Tommy Holder Chair of Law and Ethics, Georgia Tech Scheller College of Business, and Research Director, Cross-Border Data Forum
*Witness list subject to change
Wednesday, December 9, 2020
Full Committee Hearing (Hybrid)
This hearing will take place in the Russell Senate Office Building 253. Witness testimony, opening statements, and a live video of the hearing will be available on www.commerce.senate.gov.
In order to maintain physical distancing as advised by the Office of the Attending Physician, seating for credentialed press will be limited throughout the course of the hearing. Due to current limited access to the Capitol complex, the general public is encouraged to view this hearing via the live stream.
*Note: Witness list updated 12/7/2020
Chairman Roger Wicker
Data is the lifeblood of the global digital economy. The free movement of data across national borders underpins trillions of dollars in international trade, commerce, and investment. Data serves as a catalyst for innovation, productivity, and economic growth, and helps promote U.S. competitiveness and technology leadership around the world.
According to one estimate, digitally enabled trade amounted to between $800 and $1,500 billion globally in 2019 and is projected to raise global GDP by over $3 trillion this year.
To sustain digital trade and the free flow of data, governments have sought to eliminate trade barriers and safeguard the privacy and security of consumers’ personal data – a top priority of this committee. Maintaining a shared commitment to protecting consumers’ personal data has been particularly important to our trade relationship with Europe.
In 2016, the United States and the European Union agreed to the Privacy Shield Framework. This framework established a legal mechanism to provide for transfer of EU citizens’ personal data to the United States in compliance with EU data protection laws. The establishment of the Privacy Shield was intended to ensure that over 5,000 small- and medium-sized businesses, spanning several economic sectors in both the U.S. and EU, could continue engaging in transatlantic digital commerce without disruption.
Among other things, the Privacy Shield required participating organizations to give notice about their collection and use of the data of EU citizens, and give individuals the right to opt out of having their personal information disclosed to a third party. Organizations were also required to implement effective redress mechanisms for EU citizens to file complaints about how their data is used outside of the EU, and the United States was required to appoint an Ombudsman at the State Department to ensure complaints were properly investigated. The Privacy Shield included additional assurances that there would be clear conditions, limitations, and active oversight concerning government access to EU citizens’ personal data for national security purposes.
In July of this year, the European Court of Justice invalidated the Privacy Shield – and that is the reason we are here today – citing inadequate data protections in the U.S. based on our surveillance laws and an alleged lack of redress rights for EU citizens in the United States.
Today’s hearing is an opportunity to discuss what can be done to develop a durable and lasting data transfer framework between the United States and the EU that provides meaningful data protections to consumers, sustains the free flow of information across the Atlantic, and encourages continued economic and strategic partnership with our European allies – a tall order but an essential order.
A solution begins with understanding the underlying issues that led to the invalidation of the Privacy Shield this summer. I hope our witnesses will discuss the merits of the Privacy Shield’s redress rights for EU citizens and how U.S. intelligence practices compare to those of EU member states.
I also look forward to witnesses addressing how the invalidation of the Privacy Shield affects the viability of other data transfer mechanisms. To take one example, in a mechanism called Standard Contractual Clauses, exporters of EU citizens’ data to the U.S. now have to carry out an assessment of whether U.S. law provides adequate protections. The EU’s Data Protection Board recently issued guidance on how to comply with EU law while relying on standard contractual clauses to transfer data across the Atlantic. But in issuing this guidance, the EU Data Protection Board acknowledged that the implementation of these measures may still be insufficient to transfer data legally to the U.S. and other non-EU countries.
With this in mind, I hope witnesses will discuss how U.S. businesses can confidently conduct transatlantic data transfers in compliance with EU laws, as we continue bilateral negotiations to replace the Privacy Shield.
I welcome the European Commission’s commitment to continue working with the United States to ensure the continuity of safe data flows in a manner that reflects the values we share as democratic societies. And I had a very productive and informative conversation with members of the European Commission just yesterday.
Finally, a major priority of this committee has been strengthening consumer data privacy through the development of a bipartisan federal data privacy law. I look forward to witnesses discussing how a comprehensive data privacy law with strong enforcement and meaningful privacy and redress rights for consumers might be able to aid efforts to develop a successor data transfer framework between the United States and the EU.Having said that mouthful and gone three minutes over, I thank you for your participation. And I turn to my dear friend and colleague Ranking Member Cantwell for her opening remarks.
Ranking Member Maria Cantwell
Cantwell: Thank you, Mr. Chairman, and thank you for holding this hearing. Also, thank you for your leadership on the Helsinki Commission. I certainly appreciate your hard work in both of those roles in trying to solve and resolve these issues between the United States and the European Union. So, I also want to thank our colleagues Senators Cardin and Shaheen for also working on that Helsinki Commission and these important issues.
The decision by the European Court of Justice earlier this summer makes it abundantly clear we need to have a new agreement between the United States and Europe to address the transatlantic data flow. It must be a top priority by the Biden Administration. We must ensure the continued free flow of commercial data between the United States and Europe. When I think about the Mexico Free Trade Agreement and getting the digital provisions in there, this is something that is now the norm. This is not an obscure thing, it is going to become more and more and more about trade and figuring out trade. Trade is digital. So, a lot is at stake.
The US and EU digital trade is worth more than 300 billion annually, including more than 218 billion in US exports to Europe. A very important export issue. And every business that exports and imports and has a presence or investment in the US and Europe will face difficulties if there are barriers to cross-border data transfer. In all, more than 1 trillion in US-European trade is at risk. With the invalidation of the Privacy Shield agreement, we now have lost the most straightforward legal tool for transferring data from the EU to the US, and this is a particular problem for small and medium sized businesses. It also puts some of our largest and more sophisticated companies at a disadvantage and casts doubt on the protection of their digital services and what they provide.
Europe in the United States have had a long history of working together, and to address our global challenges in security issues at the same time, we must redouble those efforts. We must continue to work closely to defend our shared values for democracy and the rule of law, and I want to see the US and Europe working together on these very important national concerns, trade and technology, so that we can continue to improve economic opportunities and avoid moves towards protectionism.
We need to start by coming together on protecting data but we also, also must increase bilateral cooperation on a broad digital agenda: 5G, 6G, a regulatory framework for artificial intelligence, autonomous vehicles, cybersecurity disinformation standards. So I support the European proposal to create a US-European Technology Council for dialogue. Maybe the commission, the Helsinki Commission and others can help on this.
We can work together in multilateral organizations like OECD and the G7 to confront the challenges from China and Russia, so that we can more focus on what the standards are for the next generation of technology and to assure for the proper protection of intellectual property. This must be our larger goal. If we fail to increase our cooperation on digital issues, our economy will suffer the consequences. The flow of data between the United States and Europe is especially critical to 5,000 plus tech companies in the state of Washington, which generate more than 2.8 billion in digital export. So, equally important here today are the privacy issues that we are still working on as a committee.
These are important issues, so we don't want consumers left behind. We want them to have control over their personal privacy data. We want, at the state and federal level, to make sure that we have the right safeguards in place for consumers, so I guarantee you the United States and European citizenry are on the same page. These are the concerns that we all share. That the US may have, at a government level, a bulk collection of intelligence information that might violate those privacy rights.
So, we have to work hard to resolve this issue of the Privacy Shield and work hard on privacy legislation next year. So thank you, Mr. Chairman. I look forward to working with you and resolving the issues between us on our two bills and certainly, we’ve made progress. It's a very hard issue, but the digital world is not going away. So, we have to not only pioneer it, but pioneer the laws and safeguards that go along with it. Thank you very much.
Witness Panel 1
The Honorable Noah PhillipsCommissionerFederal Trade Commission
Ms. Victoria EspinelPresident and Chief Executive OfficerBSA – The Software Alliance
Mr. Neil RichardsKoch Distinguished Professor in LawWashington University School of Law
Mr. James SullivanDeputy Assistant Secretary for ServicesInternational Trade Administration, U.S. Department of Commerce
Mr. Peter SwireElizabeth and Tommy Holder Chair of Law and Ethics, Georgia Tech Scheller College of BusinessResearch Director, Cross-Border Data Forum