The 2016 EU-U.S. Privacy Shield is an agreement allowing companies to move customer data between the European Union and the United States without running afoul of heightened privacy protections in the European Union. It was developed in response to EU concerns that the privacy rights of its citizens have been systematically abrogated by the U.S. government in the name of national security, and contains a variety of assurances that the United States will respect and protect the privacy rights of EU citizens.
How trustworthy are the U.S. assurances under the Privacy Shield? Both the Bush and Obama administrations secretly interpreted the terms of treaties, statutes, and regulations in a manner that allowed them to take controversial actions, keep those actions secret, and later invoke national security to defend the legality of those actions if they became public. In cases involving torture, bulk data collection, and targeted killing, these administrations did so even though the common and objective understanding of the applicable legal constraints did not authorize the very actions that they claimed were legal.
It remains an open question whether the Trump administration will interpret the Privacy Shield in a similarly misleading manner: one in which public assurances suggest compliance with the Privacy Shield’s constraints, but the administration’s private interpretation of the Privacy Shield secretly breaches EU privacy protections. This Article considers possible ways to constrain the executive branch from relying on secret interpretations that would undermine the Privacy Shield’s transnational attempts at accountability.