The Transatlantic Data Privacy Conflict: An Analysis of the Sustainability of the EU-U.S. Privacy Shield

Abstract

In this modern Information Age, personal data is constantly being collected for a number of purposes and through various platforms. In particular, cross-border data flows increase as digital services and technology companies expand their scope of operation. For the EU and the U.S., the regulation of transatlantic data transfers poses a unique challenge, considering the significant differences between the two cultures. Specifically, the EU and the U.S. have fundamentally different understandings of the right to data protection and have adopted contrasting approaches in regulating data protection.

At the same time, the EU and the U.S. currently cooperate on the EU-U.S. Privacy Shield, which facilitates a streamlined data transfer process from the EU to the U.S. Under the EU-U.S. Privacy Shield framework, U.S.-based companies are able to transfer data collected from EU individuals to the U.S. while meeting the EU’s higher standards for data protection. Given the tensions between the EU and the U.S. around the subject of data protection, the Privacy Shield is precariously balanced and vulnerable to legal challenges.

In this thesis, I examine the central question: Under what conditions is the EU-U.S. Privacy Shield a sustainable arrangement? I present a “three-level convergence model” that evaluates the extent of convergence between the EU and the U.S. at the legal, regulatory, and governmental commitment levels. I argue that the Privacy Shield is sustainable as long as the overall balance of convergence remains within an “range of acceptable pretense.”

By analyzing the current Privacy Shield arrangement under this model, I conclude that: (1) convergence has largely been achieved at the legal level; (2) there is a movement towards convergence at the regulatory level despite ongoing challenges in the implementation of the Privacy Shield; and (3) there is currently a movement towards divergence at the governmental commitment level. This thesis concludes by warning of the dangers in continued divergence, which will likely result in the eventual collapse of the Privacy Shield agreement.