New Rules on Data Privacy for Non-US Citizens
Last week, President Trump signed an executive order affecting the privacy rights of non-US citizens with respect to data residing in the US.
Here’s the relevant text:
Privacy Act. Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.
At issue is the EU-US Privacy Shield, which is the voluntary agreement among the US government, US companies, and the EU that makes it possible for US companies to store Europeans’ data without having to follow all EU privacy requirements.
Interpretations of what this means are all over the place: from “extremely serious,” to “more measured,” to “don’t worry and we still have PPD-28.”
This is clearly still in flux. And, like pretty much everything so far in the Trump administration, we have no idea where this is headed.
Tim Bradshaw • January 30, 2017 6:23 AM
Here’s a small-scale example of what this sort of thing will do. I run a tiny UK-based company & I’ve been migrating our various hosting provision from a UK company to an (excellent) US company. Except, now I won’t be doing that: I’ll be looking for an EU-based company instead.
Well, no-one cares or should care about what we do of course, but it’s reasonably likely that other, larger, companies (perhaps even US companies!) will be doing the same thing.
It doesn’t actually matter what the interpretation of the executive order ends up being: what is now extremely obvious is that the US is no longer a safe place to do business, if the security of your information matters to you at all. Rather than hoping that the ruling is interpreted in a good way, the safe thing to do is to move business to a country where this is not in doubt.