ethikos 34, no. 11 (November 2020)
The European Court of Justice’s decision in July to invalidate the mechanism by which data was transferred between the European Union (EU) and the United States is primarily a question of data controls, but it also invokes ethical considerations that demonstrate crucial differences between the way the EU and the US operate.
The decision to invalidate Privacy Shield, the mechanism by which data was transferred, rested on the fact that the US surveillances all incoming data transfers to some degree, and EU citizens have little to no judicial redress for having their rights violated by US surveillance efforts. Neither the US nor the EU questioned US spying activities—the EU ruled that spying violates the rights of EU citizens, and the US abided by that decision. Both sides stated they would like to find a suitable alternative that keeps the economic relationships between the two alive.
The ethical questions remain. Is it ethical for the US government to spy on incoming and outgoing communications? Is national security a valid argument for widespread surveillance? How do companies, now aware of the spying practices, maintain ethical business relationships with their consumers? Where exactly is the line between privacy and security?
These questions are important now but become even more important as the EU’s drive to build ethical regulatory frameworks bumps up against the US’s drive to maintain secure control over borders and flows of information.
1 Caitlin Fennessy, “The ‘Schrems II’ decision: EU-US data transfers in question schedule,” International Association of Privacy Professionals, July 16, 2020, https://bit.ly/3djzmNK.