Adriana Sanford, pictured at left, is a clinical associate professor at the W.P. Carey School of Business, a visiting research professor of the Universidad de Talca, Facultad de Economía y Negocios, and a Dean’s visiting scholar of Georgetown University Law Center. She is a Chilean-American author, international corporate lawyer and media personality. Her research focuses on privacy and data protection reform, human rights-related risks in the global supply chain, and sorting through proliferating anti-corruption standards from new and diverse legislation that competes or conflicts with one another.
Sanford holds a law degree from the University of Notre Dame and a dual masters of law degree from Georgetown University Law Center. She is a frequent expert commentator on the CNN show “CNN Dinero” and is a senior international correspondent for Manufacturing Talk Radio.
She teaches law and business ethics to over 1,300 graduate and undergraduate students at the W. P. Carey School of Business and is a 2016 candidate to the board of directors of Amnesty International USA.
She spoke with Manufacturing Talk Radio about Brexit, privacy, data protection, the transatlantic flow of data, and what this could mean for the United States and our US companies.
QUESTION: What does Brexit mean for Britain, Europe and the world?
ANSWER: “We now have a fractured transatlantic landscape. It is difficult to predict what will happen to Britain. The road is unclear and the exit rules contained in Article 50 of the Treaty of Lisbon are brief. It may take two years for the exit deal. The majority of voters in Scotland and Northern Ireland wished to remain in EU. Scotland may seek their independence and then re-join the EU. If so, Scotland will probably adopt the euro as their currency.
“Regional security remains a concern and Scotland wants to ban nuclear weapons on moral grounds. In such a case the nuclear weapons would need to be relocated, which could potentially cost billions of dollars.
“There could be heightened uncertainty over Britain’s relationships with other countries. If Britain’s economy suffers after Brexit, the exports of the US to Britain will be impacted.
QUESTION: Any advice regarding the serious challenges facing our technology industry, the recent terrorist attacks, and the wake of high-profile data breaches in this country?
ANSWER: “Although there may be privacy protection issues and different security threats in the United States and Europe, it is clear that a global consistent approach is needed to combat cyber war and terrorism. We’re all interrelated.
“The FBI is rightfully concerned about the effects that new technology could potentially have on investigations, including the risk that criminal and terrorist groups may “go dark” by using encryption technology to duck the attention of the law. US law enforcement will continue to face challenges in their efforts to keep us safe particularly stemming from the “encryption explosion”.
“Privacy and security rights, however, must be carefully weighted and balanced, as they have major implications on a global scale, on our trade agreements, and on fundamental rights. We need an international legal process for handling issues that may have a strong international impact on human rights or have the potential to create conflicts of law.
QUESTION: Would you explain some important macro-level trends shaping the current and future of both privacy protections and governments’ ability to safeguard citizens?
ANSWER: “Risks of harm to privacy interests have become so abundant in the past three years that they require special attention. Many discussions of counterterrorism and the war on terror involve this issue and the data protection of the individual citizen.
“The first trend is that the legal environment in several common-law jurisdictions has changed dramatically. In contrast to the classic US “reasonable expectation” legal standard for privacy, some countries have adopted a more objective standard. The Canadian perspective is anchored in proportionality.
“The second trend stems from recent EU rulings. The invalidation by the European Court of Justice (ECJ) of the EU-US Safe Harbor Agreement in October 2015 by the Maximillian Schrems v. Data Protection Commissioner Case affected thousands of US corporations that had previously “self-certified” to ensure adequate protection as was demanded in the EU Data Protection Directive to legitimize transfers of personal data from Europe to the US.
“Cordial international relations are sometimes at risk and reforms are needed across the globe to build confidence and trust. As we continue to confront borderless crimes and terrorism, the need for collaboration between the US and the EU has never been greater.
QUESTION: Would you explain the significance of this European Court of Justice ruling and the current state of affairs?
ANSWER: “The ECJ ruled that the US needed to provide “essentially equivalent” data protection for transfers from the EU; the current Safe Harbor arrangement enabled potential interference by US public authorities with the fundamental rights of EU citizens as set forth by the Charter of Fundamental Rights of the European Union.
“According to the ECJ, the EU Commission must take into account US surveillance laws and mass surveillance practices, as any data that companies such as Facebook, Google or Microsoft collect could be readily available to US intelligence. This ruling was not surprising in the light of the revelations made in 2013 by Edward Snowden concerning the activities of the US intelligence services, particularly the National Security Agency.
“There is some possibility that a new EU-US Privacy Shield deal will replace the now invalidated Safe Harbor mechanism to enable the transfer of European personal data to the US. We are however, concerned that this new arrangement does not address some of the concerns set forth by the ECJ.
“The European Union privacy reform has highlighted the need for consistent, global legislation to help businesses protect customer and supplier information. This reform legislation could potentially provide a basic framework for data privacy legislation to other regions and countries around the globe.
QUESTION: What are some of the deficiencies or concerns with the Privacy Shield data-sharing deal?
ANSWER: “While the Privacy Shield is a substantial improvement on the previous system, US legislation and practice still does not offer sufficient protection of any data transferred to the US against surveillance by US public authorities.
“If issues such as US government authorities’ ability access to data or the possibility of collecting bulk data in “exceptional cases” that may be contrary to the EU Charter of Fundamental Rights are not addressed, this new agreement may have no chance of being upheld if challenged as this framework does not tackle these concerns which were outlined by the ECJ.
“Additional concerns are stemming from the complexity of the judicial redress system and the independence of a proposed US ombudsperson. The European commission is expected to make a final decision on Privacy Shield agreement by end of June, 2016.
QUESTION: How can other governments protect their citizens’ privacy?
ANSWER: “Some countries do not have comprehensive national legislation regulating data privacy. Creating a national privacy law would require that any data shared with other countries is accurate, and would place obligations upon that government to provide its citizens with the necessary rights to ensure that their privacy is being protected.
“It is also important to seek strong assurances from the other countries about how their citizens’ data will be treated and protected and ensure that its information practices meet international standards to protect against abuses, errors, and other related risks to privacy.
“Establishing a national privacy commissioner would allow citizens to appeal for assistance when problems arise, such as erroneous data results in being repeatedly detained at a given border.
QUESTION: What are some significant concerns and ethical challenges facing our country involving issues of privacy and data protection?
ANSWER: “Complying with multijurisdictional requirements that compete or conflict with one another will remain among the primary concerns of global businesses and their executives. There are potential ramifications for the American economy at large and businesses in all sectors, particularly the technology sector.
“Consumer cloud service providers are concerned about ramifications of conflicts of laws where inconsistent or conflicting data privacy legislation could hinder their ability to do business and store data in centers in Europe or other locations.
“The 2014 court ruling upholding a warrant and requiring Microsoft to abide by a request by the US government for personal data processed by Microsoft outside the US created serious concerns for the cloud computing industry.
“Companies and senior executives need the ability to expand globally without the added concern of penalties or potential personal criminal liability for non-compliance due to conflicting country laws.