The current state of transatlantic relations in terms of data storage policies is volatile. In contrast to the image conveyed by the immense data flows crossing the Atlantic, these movements do not stand on a solid foundation. To put things simple, there seems to be a general discrepancy of American business-friendly data policies and European mechanisms of protecting personal data. Hereby, especially Germany is committed to strict regulations of personal data storage and further usage of this personal data. Following from this general conflict of interest, the EU-US Privacy shield seems a temporary solution which was not off to a good start. The German media has implied from the beginning that the EU-US Privacy Shield should be considered as some sort of deal that was negotiated in order to please American businesses and offered them a new legal way after the Safe Harbor Agreement had been nullified by the European Court of Justice in 2015. Simultaneously, many German stakeholders have viewed the EU-US Privacy shield critically since they know about the Germans’ cautiousness regarding their personal data.
The dissatisfaction with the EU-US Privacy shield has been voiced ever more loudly after Donald Trump was elected president. The influential German Federal Association of Consumer Organizations (vzbv) already called on the European Commission to scrutinize the commitment to the EU-US Privacy shield more closely since the suspicion is that the data protection regulations will be infringed by the US government or are not followed by the American companies after all. At this point, however, I find it important to distance myself from this black and white picture which considers Europe (or Germany) to be obsessed with data protection regulations and the US of being far too lax in this matter. In addition, the American government is viewed with suspicion after the revelations made by Snowden. This sentiment will not decrease when Trump will head the American government. As part of the younger generation who uses internet services and apps on a daily business I consider myself as having a foremost interest in putting data storage policies on a solid legal foundation. It does not matter to me and my peers if the app I am using is American, German or Korean. It matters, however, that I know my personal data is secured and dealt with in a proper manner.
In the fast-changing world of digitalization it needs frameworks that are able to evolve and adapt to new circumstances. Here comes the good news: the EU-US Privacy Shield has incorporated these thoughts and installed an annual review clause. It is now in the hands of the involved actors to make it a living framework adapting to changes in data practices, technology and privacy laws. In my eyes, the drive for cooperation in this matter steams from three directions: a) digitalization and big data business models spreading over the Atlantic are becoming more and more important and need clear regulations; b) Europe has a lot to learn from the US with regard to the digital economy, whereas the American companies need European partners to successfully implement their business models in a different environment and c) the younger generation has a big interest as well as motivation to contribute to these challenges. In the end, the most important point is that while the US and the EU rely on different legal frameworks, they still share the same privacy values. One factor facilitating the transatlantic cooperation regarding data protection rules is the fact that from Spring 2018 the European Union will principally unified data protection regulations (after the General Data Protection Regulation will have been implemented by the individual member states).
Furthermore, many European politicians, among them Chancellor Angela Merkel have recently emphasized the need to find data policies that one the one hand do not inhibit business models and on the other are respectful of user’s privacy. The common basis and shared values are the crucial components both sides of the Atlantic should capitalize upon to strike the right balance between privacy and security.