Yesterday, President Trump signed Executive Order: Enhancing Public Safety in the Interior of the United States (Jan. 25, 2017). The Order states as its purpose “interior enforcement of our Nation’s immigration laws.” Section 14 of the Order calls for denial of any rights under the Privacy Act of 1974 to any non-U.S. citizen, “to the extent consistent with applicable law.”
Sec. 14. Privacy Act. Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.
Over the course of last year, the Obama Administration undertook a big task of putting in place the new cross-border data transfer framework, EU-U.S. Privacy Shield, which involved months of drafting and negotiations with the EU authorities and the validity of which is still being challenged by various EU privacy groups. The Privacy Shield’s provision of comprehensive privacy protections was key to ensure that cross-border commercial data transfers continued after the invalidation of the Safe Harbor framework in October 2015. The Privacy Shield was open for self-certification to business on August 1, 2016, and hundreds of companies have joined the framework since that time.