When you think about how the internet operates, you probably think about “how many bars” you have and making sure your device has a charge strong enough to last the day. Perhaps you think about software and data. What you might not think about are obscure agreements on paper or Congress’s everlasting arguments on privacy.
And yet those details are vital to the operation of the internet. They create the legal framework that allows the technical components to all work together. In short, it takes paper pacts to keep the data flowing and the LEDs lit.
That’s why this week’s signing of a new agreement between the United States and the European Union should be a cause for major celebration as well as a time to acknowledge the real work that remains to be done to support cross-border data flows.
As for this week’s development, the new EU-US Privacy Shield, finalized in a meeting between EU Commissioner Vera Jourova and Commerce Secretary Penny Pritzker, is indispensable to the future of digital commerce. The Privacy Shield will allow US and European companies to send data back and forth across the Atlantic.
This is important because data is now instrumental to so many elements of our interconnected, global economy. Moving data is crucial at almost every step of financial lives. Without the Privacy Shield, multinational companies would have struggled to ensure their employees received their paychecks. Businesses would have had to find new ways to process international orders. Software companies, a trillion-dollar sector of the US economy, would have needed new systems to move, process, and store their customers’ data. Those crises, thankfully, have been averted.
Looking ahead, though, much more remains to be done. As a start, international policymakers need to create a durable framework to govern the new age of data-related investigations, and Members of Congress must continue to rebuild trust among technology users by improving the US privacy regime.
Today’s criminal investigations, like today’s crimes, are not limited by national boundaries. But our legal regimes were crafted for a system focused on physical – not digital – evidence. In the physical world, it’s still obvious that borders matter. And the system for obtaining physical evidence that belongs to a citizen of another country requires an exchange of both legal comities with other countries – and the proper paperwork.
Such regimes were not designed for an age when the police could access the contents of a person’s digital communications located almost anywhere in the world with a few clicks of a mouse and without the involvement of the country’s legal system – or privacy protections. But even there borders still matter. As Americans we would never accept foreign investigators reaching across border to snatch our data, and yet the United States has argued that it can do exactly that to others. Such claims threaten not only our bilateral relations but the trust that US companies have cultivated in their customers around the world.
Congress can begin to address this concern by adopting legislation designed to craft appropriate boundaries for digital requests. The International Communications Privacy Act, or ICPA, would do just that. The legislation, which was introduced last month, by Sens. Hatch, Coons, and Heller, and Reps. Marino and DelBene, will help investigators do their jobs while also preserving consumer privacy. The bill ensures that law enforcement officials obtain warrants for the content of U.S. persons’ communications, removes the uncertainty around how to access such information belonging to foreign nationals, and it improves the Mutual Legal Assistance Treaty system, which is the mechanism used to access evidence abroad.
In addition, Congress should take the lead in continuing to improve the privacy protections of Americans in the digital realm. Lawmakers can do so by extending warrant protections to all digital data, by considering appropriate protections for new types of data, and by increasing the transparency around law enforcement requests by limiting the use of gag orders. First, the Senate should join the House in passing reforms to the Electronic Communications Privacy Act. That legislation, the most popular in Congress, would require law enforcement officials to obtain a warrant for access before obtaining the contents of our online communications. Further, as we generate location data and other new sources of information for investigators, Congress should consider how to balance the government’s ability to access that data and the opportunities for service providers to inform their customers when their data is demanded.
The foundation of the digital age is trust, and the aim of each of these efforts is to expand users’ trust in the products and services that power today’s economy by creating appropriate privacy protections. By doing so, we can advance the aims of today’s Privacy Shield agreement, and extend the celebration.
Read recent media highlights from BSA on the Privacy Shield agreement here.
