A Look into the Data Privacy Crystal Ball: A Survey of Possible Outcomes for the EU-U.S. Privacy Shield Agreement
The trade relationship between the European Union and the United States, the largest cross-border data flow in the world, is in a state of uncertainty. Operating under different notions of what privacy should look like and divergent legal protections for personal data, the European Union and United States have struggled to reach a mutually acceptable agreement in the past. This Note analyzes their latest attempt, the EU-U.S. Privacy Shield, with specific emphasis on (1) the way it has improved upon its predecessor, the EU-U.S. Safe Harbor; (2) the weaknesses that still remain; and (3) the external factors that threaten the future success of the agreement. Without attempting to predict a specific outcome, this Note surveys the potential challenges to the Privacy Shield in the coming years and considers potential alternative frameworks. This Note proposes that the agreement should be restructured into a private-public EU-U.S. business arrangement, in which a Data Privacy NGO takes over the duties of the US government. By relying on corporate self-regulation, the Privacy Shield can preserve its basic framework and Privacy Principles, while minimizing the vulnerabilities that make the agreement susceptible to invalidation.