As we pointed out in September of last year, redress is a major sticking point in efforts to preserve transatlantic data flows in the wake of the Schrems II ruling by the Court of Justice of the European Union (CJEU). For a country with a well-earned reputation for litigiousness, it may surprise people to learn that redress is such a problem for the U.S. Doesn’t everyone get their day in court? However, as I have learned in my project research, within the national security context, the issue of creating accessible redress is not unique to the U.S. but is present in all democracies.
In Redress: What is the problem?, Alex Joel and I tackle the redress issues implicated by Schrems II. In invalidating Privacy Shield, the CJEU took issue with the mechanisms in place within the U.S. affording individuals with ‘redress’ in instances they believe they are subjects of unlawful government surveillance. Specifically, the CJEU found that the Ombudsperson Mechanism created by Privacy Shield failed to meet EU legal requirements because it lacked independence and binding authority – substantially diminishing its absolute authority as an accountability and redress mechanism.
The article first looks at judicial redress in the United States, highlighting the “cases and controversies” clause under Article III of the Constitution requiring claimants to have “standing” to bring a case to court. As the Supreme Court reaffirmed in Clapper v. Amnesty International, “to establish Article III standing, an injury must be ‘concrete, particularized, and actual or imminent; fairly traceable to the challenged action; and redressable by a favorable ruling.’” And herein lies the problem: how can an individual overcome the standing requirement if classification rules prevent them from demonstrating that the U.S. government has collected their information?
The article looks to Europe, finding that national security secrecy can similarly make it difficult for people to bring claims to court. European cases recognize that a mix of nonjudicial and judicial measures can provide the “adequate and effective guarantees against abuse” that European law requires. In considering what a “nonjudicial” measure would look like, the article turns back to the U.S. to explore the legal issues with establishing an administrative redress mechanism that is both independent and has binding authority. As it turns out, the Supreme Court recently issued highly relevant opinions that delimit the art of the possible relating to both independence and binding authority, which the article discusses in detail.
As we said in the article, the bottom line is that the Constitution establishes boundaries that complicate the ability of the U.S. government to put in place a solution to the redress challenge raised by the Schrems II court. That said, the U.S. has a robust national security legal framework that has developed over many decades that provides flexibility to identify solutions for complex problems. With transatlantic data flows at risk, the U.S. and EU must continue working together to resolve the discrepancies between their legal systems while simultaneously meeting the demands of privacy protection and national security. Privacy Across Borders continues working hard to brainstorm solutions within the realm of possible by balancing the requirements and priorities of both the U.S. and the EU.
Please read the full article here: Redress: What is the problem? If you want to explore the impact of Schrems II on transatlantic data flows in greater depth, please consult the Privacy Across Borders’ Resource Guide. Additionally, transatlantic data flow experts, Theodore Christakis, Kenneth Propp, and Peter Swire, recently published an article assessing the realistic and available paths for creating a sufficient redress mechanism within the U.S. To get a sense of the ability of the U.S. President to address these issues through an executive order or presidential directive, see this piece by Alex Joel: Protect Privacy. That’s an Order. – Lawfare (lawfareblog.com).