Moderator: Greetings to everyone from the U.S. State Department’s Brussels Media Hub. I’d like to welcome our participants dialing in from around the world to today’s background call on the European Court of Justice’s Privacy Shield ruling.

Today we are very pleased to be joined by two officials from the U.S. Government who will provide official American reaction to the decision. The primary speaker should be identified as a “Senior U.S. Government Official” for your reporting purposes. We also have a “Senior Department of Justice Official” on the line who will address legal issues, as appropriate.

We will begin today’s call with opening remarks, and then we will turn to your questions. We will do our best to get to as many as possible in the time that we have, which is still approximately 30 minutes. As a reminder, today’s call is on background with the attribution I just provided.

With that, I will turn it over to our senior U.S. Government official for opening remarks. Please go ahead.

Senior U.S. Government Official: Thank you. Good morning and good afternoon. As you would imagine, many of us in Washington and elsewhere are reviewing this morning’s ruling very closely. As the Secretary of Commerce Wilbur Ross noted in his press statement today, we are deeply disappointed that the court appears to have invalidated the Commission’s adequacy decision that underlies the Privacy Shield framework, but we are still studying the decision to fully understand its practical impacts.

The United States had, of course, participated actively in the case with the aim of providing the court with a full understanding of U.S. laws and practices regarding national security access to data, and how those measures meet, and in many cases exceed, the rules governing government access to data in foreign jurisdictions, including in Europe.

I will note that senior U.S. officials and those deeply involved with the Privacy Shield framework have been in close contact with the European Commission and the EDPB, the European Data Protection Board, on this matter for quite some time, and we do hope to be able

to limit the negative consequences to the transatlantic data flows that have become so vital to our $7 trillion economic relationship.

Secretary Ross has had several discussions with a number of high-level EU officials in recent days on the Schrems matter, including Vice President Jourova and Commissioner Reynders. One key takeaway I think that is important to share is now, more than ever, as I think Vice President Jourova noted herself earlier today, the United States and Europe have a shared interest in maintaining cooperation both on protecting individual privacy and ensuring the continuity of data transfers for our economies and for our societies.

I think with the accelerating digitization we’re seeing across the global economy these transfers have become absolutely indispensable not just for big tech companies but for businesses of all sizes in every industry sector. I think that fact has been borne out. We now have over 5,300 organizations participating in the Privacy Shield program, and over 70 percent of those are small- and medium-size enterprises with fewer than 500 employees.

In addition, as our respective economies continue to recover from the COVID pandemic, it’s critical that our companies and other key organizations be able to transfer data without interruption but also in a manner consistent with the strong protections that Privacy Shield afforded.

Now at issue in Schrems II, as everyone knows, were concerns regarding government access to personal data for national security purposes. Unfortunately, by invalidating Privacy Shield, the court’s decision eliminates the predictable enforceable legal protections and redress mechanisms that were afforded to EU individuals with respect to data collection use not only by government but by companies as well.

Now that said, the United States does remain committed to working with the EU to ensure continuity in transatlantic data flows and privacy protections, and we are already in discussions with the Commission and the EDPB, European Data Protection Board, at various levels on how best to do so in the wake of today’s ruling.

So thank you for that opportunity to share our views.

Moderator: Great, thank you very much for those remarks. We’ll now begin the question-and-answer portion of today’s call. Our first question comes to us from Dave Perera with MLex in the United States. Please go ahead.

Question: Hi, thank you so much for doing this call. Thank you for taking my question. Given the fact that this is the second time that a European court has invalidated a transatlantic data protection privacy mechanism enabling those data flows, is there a fundamental incompatibility between EU and U.S. approaches to privacy?

Senior U.S. Government Official: I think the best way to answer that is to say that, of course, at a high level we’re both like-minded, we’re both democratic societies, we both value privacy, and so we do have these shared values. We do take somewhat different approaches, but I think

Safe Harbor and then Privacy Shield proved that we were able to bridge those differences, and I think it’s our expectation that we should be able to do so yet again.

Moderator: Great, thank you very much for that. Our next question comes to us from Daniel Stoller with Bloomberg. Please go ahead.

Question: Thanks so much for doing this. Within your discussions with EU officials, do you guys have a timeline on when a new deal may be struck? And then separately, do you all have confidence that standard clauses can be used, especially with U.S. surveillance practices and the concerns the EU raised?

Senior U.S. Government Official: So thanks, it’s a good question. I think it would be premature and irresponsible to provide any specific timeline at this point. As I noted, we are still reviewing, as I’m sure others are, the court’s decision and assessing the situation. Our interagency needs to talk here, and then conversations need to continue with the Commission and the EDPB, so I’d really be reluctant to even speculate on a timeframe.

On SCCs, again, we’re still digesting the ruling, so I think I probably shouldn’t say anything further on that just yet.

Moderator: Great, thank you for that. Our next question comes to us from Adam Satariano with The New York Times. Please go ahead.

Question: Thank you. The first question I have, are you aware of any immediate disruption of data flows that’s going to occur between the United States and Europe for any business or organization?

And then separately, Max Schrems – afterwards he put out a statement that said – expressed a view essentially that to comply with this ruling will require the United States to change its surveillance laws. Is that something that is possible to happen?

Senior U.S. Government Official: So let me address your first question, and then I’ll defer to my colleague as to whether she might want to respond to that second portion.

As to whether there will be a grace period of some type, I think at the hearing in July of ’19, if I’m remembering correctly, both the UK and the Business Software Alliance – both were parties to the proceedings – did ask that in the event of a negative ruling could the court issue some sort of delay or transition period to allow businesses to adjust.

Again, still going through the ruling, but I think as we did after Safe Harbor was invalidated in 2015, we will work closely with the Commission and the DPA’s EDPB on how to best ensure continuity in transatlantic data flows and privacy protections in the wake of today’s decision.

I would encourage companies and other organizations that use Privacy Shield, for example, to check in regularly on the Privacy Shield website, to reach out to the Commission, to the U.S.

Department of Commerce. I know the team there at the Commerce Department will be trying to issue guidance on the website as it becomes available and updates as they become available.

Moderator: Thank you very much for that.

Senior Department of Justice Official: All I would add is that we are still studying the decision to understand the full legal ramifications and to consider any consequences. We did make changes to our laws after Schrems I. I don’t know whether further changes will be advisable or possible at this time.

But throughout these proceedings, the United States has affirmed its commitment to high levels of data privacy in its national security laws, a commitment we share with our partners in the EU and EU member states, which also are democratic states based on the rule of law. So these are subjects that we will consider internally and also in discussions with our partners in the EU.

Moderator: Thank you very much for that. Our next question comes to us – it was submitted in advance. This is from Naomi O’Leary of The Irish Times. Her question is: Does this ruling affect the attractiveness of Ireland as a base for U.S. tech companies?

Senior U.S. Government Official: Thank you for the question. I don’t know that I have a ready answer on that. I would imagine, again, as we engage with the Commission and the EDPB, we

do have a shared interest in providing certainty and clarity as quickly as possible. And that’s our hope on this end, and again, I believe that’s a shared hope on both sides.

We’ve worked constructively since Privacy Shield was negotiated in 2016 and implemented over the last four years, through three successful annual reviews, and throughout the intervening periods between those reviews. So there are very strong relationships. There’s a good deal of trust, and I’m hopeful that we can provide clarity in short order to ensure that there is no impact or uncertainty around the attractiveness of Ireland or any other member state, for that matter.

Moderator: Great, thank you very much for that. Our next question comes to us from Tomas Miglierina with the Swiss Broadcast Corporation. Please go ahead, Tomas.

Question: Yes. Hi. This is Tomas from the Swiss Broadcasting Corporation in Brussels. I wonder whether you have – you can share with us any consideration concerning the impact on your relations with us, with Switzerland, or with the UK post-Brexit, because I don’t have any intelligence on that, on that. But I assume that the Commission is going to ask to any country that wants to have free data flow with the European Union to also have the same view of what the situation is in the U.S. to avoid that we – that we are being used to be – to circumvent basically their concerns. Thank you.

Senior U.S. Government Official: No, thank you for the question. And I should have made it clear at the outset we are also in contact, regular contact, with our Swiss partners and with the UK’s Department for Digital, Culture, Media and Sport, DCMS, to ensure continuity of data flows in the UK – with the UK, excuse me – post-Brexit, and of course with Switzerland.

Specifically with regard to the UK, it’s our understanding that GDPR obviously will continue to apply to U.S.-UK data flows for the time being, and we are engaged in ongoing discussions with DCMS or – and the Swiss to ensure the free flow of data. Beyond that, I don’t know that I can get into specifics right now, but I can assure you these conversations have been underway for quite a while.

Moderator: Great, thanks for that. Our next question comes to us from Leonie Kijewski with DPA in Brussels. Please go ahead.

Question: Yeah, hi. I know that you said that you don’t have a timeline for the deal at the moment, but are you working on a new agreement already? And if so, does that include more protection for EU citizens?

Senior U.S. Government Official: Well, no, thank you for that question. Again, at the risk of being repetitive, we have been talking about this, the U.S. interagency with our counterparts in

the EU, since, frankly, before the last annual review. The issue – there’s only so much contingency planning you can do unless or until you have the ruling in hand. And since we’ve just had the ruling for a few hours now, I think there are a number of discussions that need to be had.

So while there is nothing readily baked, there has certainly been a great many consultations and discussions about scenarios and possibilities. So at the risk of being a bit vague, I think some of the issues were probably anticipated. Obviously, some were laid out in the Advocate General’s preliminary advisory opinion last December. But there are a number of discussions still to come.

Moderator: Great, thank you. Our next question comes to us from Vincent Manancourt with Politico. Please go ahead, Vincent.

Question: Hi. Sorry, my call cut out so I missed some of the call, so apologies if some of this is repetitive. But I was just wondering what the concrete next steps are for negotiations on a new deal, and on whether there are any – whether you foresee making any changes to the U.S. surveillance regime to bring it in line with the EU data protection law.

Senior U.S. Government Official: Well, concrete steps right now for us are reviewing the ruling, today’s ruling, multiple times to make sure that we all fully understand it and have analyzed it. And then we have to talk about it amongst ourselves with the U.S. interagency on this side, and then have those conversations again with the commission and the EDPB. Again, I think this question was asked earlier, but I will turn it over to my colleague to see if she wants to speak to the surveillance elements.

Senior Department of Justice Official: Sure. It’s really premature for us to even speculate on whether changes to U.S. law, further changes to U.S. law, would be advisable or even possible. I said this before, but we did make some changes after Schrems I, and we will just have to analyze this decision to determine whether further changes are necessary and possible.

Moderator: Great, thank you for that. Our next question comes to us from Karoline Beisel with Süddeutsche Zeitung. Please go ahead.

Question: Thank you for this briefing. In your opening statement, you said that with the decision to invalidate the shield that certain redress mechanisms for EU individuals will be gone. And I was wondering if you could explain a little bit more about consequences for U.S. citizens, also because many of the big companies we are talking about are based in the U.S. But the other way around: What would be the direct consequences for U.S. citizens? Thank you.

Senior U.S. Government Official: Sure. Well, I mean, Privacy Shield added a number of elements to safe harbor. I mean, in some ways it’s very similar, but obviously there were significant differences. But for example, the arbitration mechanism was added in addition to the ombudsperson mechanism for EU individuals. And again, by invalidating Privacy Shield, unless or until we get a successful framework in place, with today’s ruling, those go away.

Moderator: Great, thanks for that. We have time for one last question, and it’s the second time around from Dave Perera with MLex. Please go ahead, Dave.

Question: Thank you for taking my second question. I wonder if what’s happening is also perhaps unfair to the U.S. I’ve had some people suggest that the U.S., by being transparent about its foreign intelligence and terrorism surveillance mechanisms, is being in effect penalized for transparency, whereas similar mechanisms going on in Europe are obscured and therefore not the subject of contentions such as this.

Senior U.S. Government Official: So again, I’ll ask my colleague if she wants to respond to that.

Senior Department of Justice Official: No, I think that’s an opinion, not a legal issue. The U.S. is transparent, more transparent than many countries. Whether the U.S. is being penalized for its transparency is a subjective view, not a legal issue.

Moderator: Okay, thank you for that. Unfortunately, that was the last question that we have time for today. I’d like to see if our two senior officials have any closing remarks they’d like to offer.

Senior U.S. Government Official: I think I’ve said what I can say at this point, but thank you.

Senior Department of Justice Official: Yeah. No, I think we just want to thank everyone for their time and their questions.

Moderator: Great. Well, I’d like to thank our two U.S. officials for joining us today and thank all the reporters on the line for your participation and for your questions.

The Brussels Hub will circulate a transcript of the call shortly to those who RSVP’d. A digital recording of today’s call will be available for 24 hours. This concludes today’s call. Thank you very much.

Senior U.S. Government Official: Thank you.

U.S. Department of State

The Lessons of 1989: Freedom and Our Future