Was this page helpful?

Remarks By Secretary Wilbur Ross at the Privacy Shield Framework, Third Annual Review


Thank you, Jim, for that kind introduction. Good morning everyone, and welcome to the Third Annual Joint Review of the EU – U.S. Privacy Shield Framework. Thank you, Director-General Astola — and the entire European delegation — for making the trans-Atlantic trip to discuss Privacy Shield and our shared commitment to protecting personal data.

Commissioner Jourova was called to meetings with President-elect von der Leyen. She has been nominated to become the new Commissioner for Values and Transparency. It was a pleasure to work with her in developing and implementing the Privacy Shield Framework — and I wish her the very best success in her new assignment. 

Thank you, as well, to all the members of the European Data Protection Board who join us for this review. You provide important guidance to European governments and individuals on privacy issues, and we will appreciate your expertise and insights on the issues that will be discussed over the next two days. All of us were saddened to hear about the passing of your colleague, Giovanni Buttarelli, on August 20th. He dedicated himself to the cause of protecting personal data. Your commitment to the functioning of the Privacy Shield Framework continues his work in our increasingly complex, digitized world.

The Privacy Shield program has come a long way over the past three years — thanks entirely to the dedication of the technical and legal experts from the United States and Europe who are with us today. I have had the honor of attending all three Privacy Shield Annual Reviews. At the time of the first review in Washington in 2017, more than 2,400 organizations had been certified by the Commerce Department. By the second review in Brussels last year, nearly 4,000 organizations were part of the Privacy Shield program. Today, we have more than 5,000 participating organizations. These organizations range from startups to multinationals in virtually every industry sector — and over 70 percent of these companies are small- and medium-sized enterprises. Privacy Shield-certified businesses support millions of jobs on both sides of the Atlantic; and they underpin the $7.1 trillion in trade and investment between the United States and Europe. Privacy Shield’s protections for personal information enable the cross-border data flows that are increasingly crucial to our economies — and to our democracies. 

Today, the world is experiencing extraordinary increases in connectivity. There are now more than 4 billion Internet users around the planet. Each day, they help generate close to 2.5 quintillion bytes of data — a figure followed by 17 zeroes. By 2025, six billion Internet users will be generating 10 times as much data. I’m not sure what you would call that amount of data, but it’s getting closer to infinity.

The ability to transfer data across national boundaries is critical to commerce for all types of companies and consumers. Such transfers already drive about 22 percent of global economic output. These cross-border data flows are indispensable — not just for big, multinational tech companies, but for traditional industries, and for small- and medium-sized businesses as well. Entrepreneurs, start-ups and small businesses are all leveraging data to access global markets and global value chains at unprecedented rates. But, because these data flows so often involve personal information, we must recognize that privacy and data protection are essential. Although the United States and Europe take different approaches to privacy and data protection, we share the same goals. Through proven mechanisms like Privacy Shield, we have demonstrated that we can successfully bridge our different approaches and arrive at mutually acceptable principles.

But our work has only just begun. We must to continue to build more of these bridges, just as we have done with increasing success in APEC by expanding the Cross Border Privacy Rules System. The success of our “Transatlantic Bridge” — Privacy Shield — cannot be more clear. With Privacy Shield’s growth, more individuals from Europe than ever before have access to the Framework’s mechanisms to address concerns about the use of their data. The unprecedented Privacy Shield Ombudsperson mechanism has been in continuous operation since the Framework was implemented. I continue to be ready to take requests from EU and Swiss authorities to investigate complaints about inappropriate government access to personal data. 

We welcome Under Secretary of State Keith Krach, who now serves in the Ombudsperson role. The Federal Trade Commission has made enforcement of the Framework a high priority. Already, they have brought multiple enforcement actions against companies that falsely claim their participation in the program.

We also continue to make the administration of the Privacy Shield program a top priority at the Commerce Department. We have increased the size of our staff to work with more companies and stakeholders. We have enhanced the certification process. We have expanded public awareness programs on both sides of the Atlantic, encouraging more individuals to exercise their rights for redress under Privacy Shield. We have provided referrals to the FTC and have undertaken more frequent checks to ensure that companies are complying with the requirements. The entire U.S. government is committed to the success of the Framework. This commitment is impressive, and it is reflected in the number of people who will be addressing this gathering.

I am gratified that you will discuss the legal and national security aspects of the Framework, not only with the Under Secretary Krach, but also with the Privacy and Civil Liberties Oversight Board; the Departments of Commerce, State, Justice, and Transportation; and the office of the Director of National Intelligence. This whole-of-government approach means that we intend to work with you, our European counterparts, to maintain our shared values at a time when certain authoritarian states disregard the privacy of their citizens. These nations do not adhere to the rule of law, the protection of personal information, or civil liberties. Our transatlantic differences on these issues pale in comparison to the privacy abuses sanctioned by some other nations. These perfidious nations sow doubt within the alliance of representative democracies — although no real discord exists.

We are in full agreement on the need to protect our basic human rights, and the sanctity of our citizens’ privacy. Accordingly, we will work with all of you in the European Commission and the European Data Protection Board to ensure that Privacy Shield functions effectively for our governments, our businesses, and our citizens. I look forward to doing whatever I can to ensure the success of the Privacy Shield program. My best to all of you for a very productive meeting. Thank you, again, for making the trip from Europe. And enjoy your stay in Washington. Thank you.