US and EU seek to bridge data privacy gaps

The U.S. and the European Union have spent years trying to come to agreement over questions of privacy, security and commerce in cyberspace -- and challenges remain.

R. David Edelman - White House technology adviser

The National Economic Council's R. David Edelman said we're seeing "what is essentially two steps forward, one step back in terms of an attempt to develop a clearer global consensus."

The U.S. and the European Union continue to seek common ground on cyberspace policies during a period of domestic debates over balancing privacy, encryption, free speech, law enforcement and innovation.

In recent years, the U.S. and the EU have struggled to reconcile differences that were exacerbated by the revelation in 2013 that the National Security Agency had been spying on EU leaders and officials.

"The NSA disclosures created both challenge and opportunity," said R. David Edelman, special assistant to the President for Economic and Technology Policy at the White House's National Economic Council. "The most visible context in which both played out is in the transatlantic context."

Speaking at the Johns Hopkins University School of Advanced International Studies in Washington, Edelman said that although there are still sharp divisions, the passage of the Privacy Shield data transfer framework in July is evidence that the U.S. and EU are able to find consensus. The framework is the successor of Safe Harbor, which was invalidated by the European Court of Justice last fall.

"We have just spent the last two and a half years working with, debating our EU commission colleagues over the questions of surveillance domestically and whether U.S. domestic surveillance...violated the Europeans' rights," Edelman said.

"The U.S. has privacy laws, Europe has privacy laws. They're both strong, they're just different," he added. "Privacy Shield serves to bridge that gap to ensure companies can meet the standards of both of them."

Edelman argued that in the wake of the NSA disclosures, the U.S. substantially increased its transparency about surveillance and data collection and offered more privacy disclosures and protections. He said he expects more internal debate in Europe and more Americans asking how European countries are safeguarding their privacy.

He said there are continuing differences of opinion and questions about topics such as intermediate liability protections, innovation and free speech.

"How do we jointly confront the questions of terrorist propaganda online?" he asked. "How do we work to ensure that...when [individuals] put content up, [it is] not subject to arbitrary deletion?"

Edelman argued that the U.S. and the EU agree on more than they disagree on, but the disagreements get far more attention. He cited the increase of threat and intelligence information sharing between the U.S. and EU partners as an example of cooperation that doesn't get much attention.

Furthermore, he said domestic politics and ethics are significant challenges to the transatlantic partnership.

"What you're seeing here is what is essentially two steps forward, one step back in terms of an attempt to develop a clearer global consensus," he said.

EU courts and governments have weighed in on transatlantic cyberspace agreements, but internal U.S. debates have major implications for international policy as well.

"Nationally, I would argue that we are in a very, very dangerous period when it comes to the intersection of free expression and the internet -- maybe unprecedented," Edelman said. "We have suddenly collectively decided as a society that as soon as a trove of private email is hacked by a shadowy, unknown actor and put on Pastebin -- whether it was the result of a foreign intelligence service...or some guy who was mad at somebody else -- that it is acceptable for that information to be out in the public for everyone for all time."

He added that encryption debates persist on both sides of the Atlantic and will not be resolved soon, but they cannot be framed as a choice between encryption or no encryption. Instead, the discussion should be "one in which there is a real need, a national security imperative and an economic imperative to try to find a way to bridge that gap," Edelman said.