On Monday, Annalena Baerbock will travel to Kiev, and in the evening, she will continue on to Moscow. The circumstances of the visit could scarcely be more difficult: The German foreign minister can hardly meet the demands of her Ukrainian hosts for arms deliveries and a halt to Nord Stream 2 – the former out of her own conviction, the latter because of the stubbornness of her coalition partner, the SPD. Meanwhile, growing fears of war are causing energy prices in Europe to go on a rollercoaster ride, prompting the traffic light coalition to debate further aid for strained households.
Responsibility for this situation lies primarily with Moscow. But Berlin has let the Kremlin have its way, as rightly denounced by a group of Eastern Europe and security experts. Dependence on Russian gas, the interests of German industry, and a misconceived willingness to engage in dialogue prevent the German government from setting limits on Russia beyond verbal notes. The past few weeks have solidified the impression among many neighboring states: The weak link in Europe’s response to Vladimir Putin is not Budapest or Vienna, but Berlin.
Meanwhile, Moscow is flexing its muscles. In addition to troop deployments, this also includes covert cyber operations. In any case, the Ukrainian authorities assume that the traces of the latest hacker attacks lead to Russia. Read more in the news.
In Brussels, Thierry Breton is working flat out to reduce Europe’s strategic dependencies in another field of technology: the semiconductor industry. The European Commissioner for Internal Market wants to present the Chips Act in just a few weeks, only a few months after his boss Ursula von der Leyen announced the project. The speed, which is breakneck by Brussels standards, is prompting caution from both inside and outside the Commission that the rush should not be at the expense of the accuracy of the concepts and the billions in funding to be distributed. Read more about this in my analysis.
In most EU member states, the electronic prescription has long been a reality in patient care. The list ranges from Croatia to Denmark, Estonia, and Spain. In Germany, on the other hand, the project was recently called off once again. The fact that Germany, of all countries, has failed in this not overly complex project says a lot about the encrusted structures in the local healthcare system, as Eugenie Ankowitsch reports. Karl Lauterbach has his work cut out for him, even beyond Omicron.
I wish you a good start to the new week,
Thierry Breton is stepping up the pace. The European Commissioner for Internal Market wants to present the proposal for a European Chips Act “in a few weeks”, according to sources close to him. The responsible staff members in his cabinet and the Directorates-General involved are currently working almost around the clock, according to the Commission, and their Christmas break has been “very short”.
Commission President Ursula von der Leyen first announced the Chips Act in her State of the EU address in mid-September – surprising many in her own camp. The proposal had initially been scheduled for the second half of 2022. From Breton’s point of view, this is far too late: The former CEO sees great pressure to act in view of the acute supply crisis and the geopolitical importance of the sector. At present, the project is included in the authority’s non-binding planning without a specific date.
Others in the Commission, however, warn that excessive haste could cause technical errors. According to reports, this includes Vice President Margrethe Vestager. The skeptics point to other examples, such as the Data Act: In November, the internal committee for regulatory control had referred the impact assessment, which had also been prepared under great time pressure, back to the departments because of deficiencies.
Experts also warn: “The semiconductor industry in Europe needs an effective long-term strategy with the right framework conditions, so the Commission should not rush into anything,” says Julia Hess, a researcher at the New Responsibility Foundation (SNV).
Breton’s haste, presumably with von der Leyen’s agreement, is explained by the highly ambitious goal: Europe’s share of global semiconductor production is to rise from less than ten percent at present to 20 percent by 2030. If the market doubles as expected by then, production capacities in the EU would have to increase about fivefold in the remaining eight years.
To make this possible, the Chips Act provides for three building blocks:
The focus is on the second point, the location of new factories by European manufacturers and international corporations such as Intel, Samsung, or TSMC from Taiwan. The Chips Act is intended to specify the extent to which the state aid framework will be relaxed. Several governments, above all Berlin and Paris, are already courting the companies with the prospect of billions in subsidies, and the US supplier Intel intends to announce its location decision shortly. However, it will take years to set up new production capacities. High subsidies for the companies are standard international practice – without support, it is almost impossible to persuade a company to invest in this capital-intensive sector.
Hess warns, however, that without a realistic picture of actual demand in Europe, there is “a danger that subsidies will not be really effective”. A number of industry associations have already warned that Breton should not focus subsidies one-sidedly on “leading edge” semiconductors with very small structure sizes. So far, Europe’s companies have hardly asked for such chips; in important customer industries such as the automotive industry or medical technology, significantly larger structures are in demand. Europe’s long-term strategy should promote the production of technologically leading components for key domestic industries “without limiting itself to certain structure sizes or technologies,” the industry association Semi just called for in a statement.
Wolfgang Weber, CEO of the industry association ZVEI, warns: “It is essential that Europe has competencies in all types of semiconductors”. The European Chips Act must create a favorable environment for investment – starting with the promotion of the establishment and expansion of production capacities, tax incentives, the acceleration of building permits, and the strengthening of the promotion of young talent.
SNV expert Hess also insists on not focusing too much on the chip factories. Other parts of the value chain, upstream chip design or downstream packaging of semiconductors, are just as important, she says. ” Advanced packaging, in particular, is becoming increasingly important to further improve chip performance,” she says. Here, however, Europe’s share is currently only five percent, she adds. Hess: “Here, too, the framework conditions must be improved, and not necessarily through subsidies.”
There is a website promoting the benefits of digital prescription. An app is also available for download and has already been downloaded tens of thousands of times. The e-prescription was to be one of the first mandatory applications in the digital healthcare system. But the Germany-wide mandatory launch failed to attract media attention a few weeks ago.
How the electronic prescription is supposed to work can be quickly summarized: Doctors’ offices create an electronic prescription and transmit it in encrypted form via the so-called telematics infrastructure to a server operated by Gematik, the national agency for the digitization of healthcare. Patients receive a QR code, either as a printout or digitally in the app. They show the QR code they have received at the pharmacy of choice. The pharmacist can then call up the corresponding prescription and dispense the medication.
After years of preparatory work and a six-month test phase, the electronic regulation was to be implemented on a mandatory basis on January 1st, 2022. But that has failed miserably. The new Federal Minister of Health, Karl Lauterbach (SPD), pulled the ripcord about a week before the deadline. Before that, the parties involved had more or less settled their differences in public.
Already in the test phase, Gematik had great difficulties in recruiting testers. In the beginning, only one software provider was willing and able to equip “their” physicians with the corresponding software, as the agency announced upon request. The manufacturer covers only three percent of the market. In total, there are about 160 providers in the extremely fragmented market for medical practice software.
Interest among health insurers was also manageable. Only two health insurance companies wanted to participate at the beginning of the test phase. Then the technology also caused problems, which was heavily criticized by the medical and pharmacy communities. The regional test phase was therefore extended until the end of November. However, this did not bring about the hoped-for turnaround.
In an unusual show of unity, some of Gematik’s shareholders, including the National Association of Statutory Health Insurance Physicians (KBV), the German Hospital Federation (DKG), the German Medical Association (BÄK), and the German Pharmacists Association (DAV), opposed the nationwide introduction of e-prescription in December: “The physicians, dentists, pharmacists, and hospitals appeal […] urgently to the legislator to provide for the use of the e-prescription for regular operation in practices only after a sufficient test phase and proven practicality,” according to a joint statement.
The KBV went even further and virtually canceled the mandatory introduction of the e-prescription on its own and without consultation with the partners: “If the pharmacies in spatial proximity to the practice are not able or not willing to receive and redeem e-prescriptions, the panel doctor’s practice can issue a paper prescription on sample 16 to the insured person,” was the recommendation that the KBV sent to the doctors. It is assumed that the necessary processes and components for the e-prescription “will be available across the board by mid-2022 at the earliest”.
The digitization authority does not see the technical problems noted by doctors and pharmacists as its responsibility. On July 1st, and thus on schedule, all prerequisites were created that fell within Gematik’s area of responsibility, it said in response to a query. As of today, e-prescriptions work technically almost everywhere.
The health insurance companies were not part of the alliance of doctors and pharmacists against e-prescription. On Twitter, Gematik Managing Director Markus Leyck Dieken nevertheless accused the umbrella organization of the statutory health insurance funds of not having participated sufficiently. For example, he said, the insurers had not sent their insureds the NFC-enabled electronic health cards needed to use the e-prescription app.
It recently became public that the CEOs of TK, Barmer, DAK-Gesundheit, AOK Bayern, IKK classic, Hanseatischer Krankenkasse, and BIG Direkt Gesund had contacted the new Minister of Health, Karl Lauterbach, in mid-December to promote their own e-prescription project.
According to media reports, the health insurer bosses offered to “continue and expand our functioning eRezept Deutschland project using the telematics infrastructure so that e-prescriptions can continue to be issued in Germany, and increasingly so.” However, the prerequisite is that in the future, the e-prescription will run via the Gematik app and cash register apps.
The answer from the Minister of Health, which is currently being prepared according to the BMG, is likely to disappoint the heads of the health insurance funds. According to the current legal situation, there is no room for the continued use of the health insurance app for electronic prescribing, the BMG said in response to a query. Only an app from Gematik may be used.
According to the Federal Ministry of Health, how the e-prescription will continue in Germany will be coordinated with the shareholders in the coming weeks. Gematik is to continue to closely accompany the test and rollout process. In addition, the Ministry of Health has ordered KBV, ABDA, and DKG to provide continuous updates on the level of equipment in pharmacies, practices, and hospitals starting this month. In return, Gematik is to provide its shareholders and the public with transparent information on the current status of the rollout.
After this high-profile failure, Germany continues to lag behind in an international comparison when it comes to the introduction of e-prescription. In most EU member states, including Croatia, Denmark, Estonia, Finland, Latvia, Lithuania, Norway, Portugal, Romania, Slovenia, Spain, and the Netherlands, e-prescribing has long been part of everyday healthcare, albeit not at the same level of development everywhere. In Austria, the test phase is currently underway. By mid-2022, e-prescription should be available nationwide.
In Estonia, Denmark, Sweden, Finland, and Portugal, electronic prescriptions are stored in a database and can be viewed by authorized doctors and pharmacists. In the digitization model country of Estonia, the e-prescription is linked to an electronic patient record (EPR). The practice software automatically uploads the prescription to the database. Patients then have to identify themselves at a pharmacy with their electronic health card in order to redeem it.
In Denmark, all prescriptions are processed via an app and can be viewed by both the doctor and the patient. According to a Bertelsmann study, it is also possible to transmit and cancel prescriptions electronically or to request follow-up prescriptions. Access to the country’s national health platform also runs via this app.
In other countries such as Italy, Spain, France, and the Netherlands, however, the exchange of prescription and medication data functions only regionally or partially. The reason for this is “regionally limited functioning systems or limited technical availability at national level,” according to the Bertelsmann analysis.
In addition, in Estonia, Finland, Croatia, and Portugal, it is possible to redeem electronic prescriptions across countries. The data exchange runs via the EU’s eHealth Digital Services Infrastructure (eHDSI), which connects national eHealth services. The basis for health data exchange is, among other things, the EU directive adopted in 2011 to ensure the treatment of European citizens across borders and enable member states to exchange health data securely.
But even cross-border exchange is going rather slowly. As recently as 2019, the Commission expected that up to 22 member states would be able to exchange electronic prescriptions and patient records from the end of 2021. The reality is disillusioning: Since 2019, only Croatia and Portugal have joined Finland and Estonia as pioneers.
A year and a half on from Schrems II, the US and EU are still looking for long-term solutions for transatlantic data transfers. Two ideas put forward are a comprehensive US privacy law, akin to the GDPR, and agreement on an “enhanced Privacy Shield“, by US Department of Commerce and European Commission.
While a US privacy law would solve this problem, it is unlikely to happen, at least in the short term. Advocates have tried and failed for decades. In contrast, an enhanced Privacy Shield program is likely to occur but is a doomed effort without accompanying legislative reform of the US’ surveillance practices.
Schrems II clearly states that “the legal basis which permits the interference with [fundamental] rights must itself define the scope of the limitation on the exercise of the right concerned.” Read literally, this language places the onus on Congress to remedy the grievances identified by the CJEU, which forecloses an enhanced Privacy Shield alone.
However, if paired with a modest reform of US surveillance practices targeting the specific concerns raised by the CJEU, an enhanced Privacy Shield could be a viable stop-gap measure until a federal privacy law could be enacted in the years to come.
This article proposes that option as a viable middle-of-the-road option: passing a Privacy Shield Enabling Act (PSEA) modifying US foreign intelligence surveillance law to add safeguards and remedies. Through such reforms, Congress could enable an “enhanced Privacy Shield” program to survive a legal challenge at the CJEU and thus enable organizations who need to transfer personal data across the Atlantic for operational and business purposes to do so.
The core requirements that the PSEA will need to remedy the CJEU’s concerns fall into two categories:
With those proposals in mind, the PSEA should amend FISA by
Assuming the PSEA would enable a Privacy Shield replacement program to survive review by the CJEU, it would still need to survive the American political process and judicial review by American courts, which is not a guarantee. FISA reform has been a target for privacy activists for many years, with little success. As domestic terrorism becomes a more salient issue than international terrorism, Congress may not want to prioritize FISA reform. Another issue with the PSEA is the separation of powers in US constitutional law. EO 12,333 is independent of FISA, so it would not be affected by the other reform measures above unless the PSEA had a seventh proposal:
Including this seventh proposal could render the PSEA vulnerable to a separation of powers challenge, but excluding EO 12,333 and focusing solely on FISA reform might not be enough for the PSEA to achieve its purpose. The President could always unilaterally end the problematic EO 12,333 practices and remedy the issue that way. However, policy changes with administrations, and a future President who is more hawkish on national security could reverse course and reimplement the problematic practices, reigniting this problem anew.
In the context of EU-US data transfers, there are many stakeholders with competing interests. One important group to bring to the table is the US Intelligence Community, whose participation is necessary to develop a full version of the PSEA with meaningful safeguards. The Intelligence Community may be hesitant to participate because they currently enjoy broad access to personal data. However, if these data flows are a beneficial source of information, then failing to implement modest reform risks losing them in their entirety. It is therefore in the Intelligence Community’s interest to help implement some form of the above proposals.
Finding common ground between these actors is difficult but not impossible. The US, EU, and global economy all stand to lose if these data transfers cease. The PSEA is a framework on which all stakeholders can work together to build a solution.
This viewpoint is based on a publication by the author in the Minnesota Law Review.
On Monday, Annalena Baerbock will travel to Kiev, and in the evening, she will continue on to Moscow. The circumstances of the visit could scarcely be more difficult: The German foreign minister can hardly meet the demands of her Ukrainian hosts for arms deliveries and a halt to Nord Stream 2 – the former out of her own conviction, the latter because of the stubbornness of her coalition partner, the SPD. Meanwhile, growing fears of war are causing energy prices in Europe to go on a rollercoaster ride, prompting the traffic light coalition to debate further aid for strained households.
Responsibility for this situation lies primarily with Moscow. But Berlin has let the Kremlin have its way, as rightly denounced by a group of Eastern Europe and security experts. Dependence on Russian gas, the interests of German industry, and a misconceived willingness to engage in dialogue prevent the German government from setting limits on Russia beyond verbal notes. The past few weeks have solidified the impression among many neighboring states: The weak link in Europe’s response to Vladimir Putin is not Budapest or Vienna, but Berlin.
Meanwhile, Moscow is flexing its muscles. In addition to troop deployments, this also includes covert cyber operations. In any case, the Ukrainian authorities assume that the traces of the latest hacker attacks lead to Russia. Read more in the news.
In Brussels, Thierry Breton is working flat out to reduce Europe’s strategic dependencies in another field of technology: the semiconductor industry. The European Commissioner for Internal Market wants to present the Chips Act in just a few weeks, only a few months after his boss Ursula von der Leyen announced the project. The speed, which is breakneck by Brussels standards, is prompting caution from both inside and outside the Commission that the rush should not be at the expense of the accuracy of the concepts and the billions in funding to be distributed. Read more about this in my analysis.
In most EU member states, the electronic prescription has long been a reality in patient care. The list ranges from Croatia to Denmark, Estonia, and Spain. In Germany, on the other hand, the project was recently called off once again. The fact that Germany, of all countries, has failed in this not overly complex project says a lot about the encrusted structures in the local healthcare system, as Eugenie Ankowitsch reports. Karl Lauterbach has his work cut out for him, even beyond Omicron.
I wish you a good start to the new week,
Thierry Breton is stepping up the pace. The European Commissioner for Internal Market wants to present the proposal for a European Chips Act “in a few weeks”, according to sources close to him. The responsible staff members in his cabinet and the Directorates-General involved are currently working almost around the clock, according to the Commission, and their Christmas break has been “very short”.
Commission President Ursula von der Leyen first announced the Chips Act in her State of the EU address in mid-September – surprising many in her own camp. The proposal had initially been scheduled for the second half of 2022. From Breton’s point of view, this is far too late: The former CEO sees great pressure to act in view of the acute supply crisis and the geopolitical importance of the sector. At present, the project is included in the authority’s non-binding planning without a specific date.
Others in the Commission, however, warn that excessive haste could cause technical errors. According to reports, this includes Vice President Margrethe Vestager. The skeptics point to other examples, such as the Data Act: In November, the internal committee for regulatory control had referred the impact assessment, which had also been prepared under great time pressure, back to the departments because of deficiencies.
Experts also warn: “The semiconductor industry in Europe needs an effective long-term strategy with the right framework conditions, so the Commission should not rush into anything,” says Julia Hess, a researcher at the New Responsibility Foundation (SNV).
Breton’s haste, presumably with von der Leyen’s agreement, is explained by the highly ambitious goal: Europe’s share of global semiconductor production is to rise from less than ten percent at present to 20 percent by 2030. If the market doubles as expected by then, production capacities in the EU would have to increase about fivefold in the remaining eight years.
To make this possible, the Chips Act provides for three building blocks:
The focus is on the second point, the location of new factories by European manufacturers and international corporations such as Intel, Samsung, or TSMC from Taiwan. The Chips Act is intended to specify the extent to which the state aid framework will be relaxed. Several governments, above all Berlin and Paris, are already courting the companies with the prospect of billions in subsidies, and the US supplier Intel intends to announce its location decision shortly. However, it will take years to set up new production capacities. High subsidies for the companies are standard international practice – without support, it is almost impossible to persuade a company to invest in this capital-intensive sector.
Hess warns, however, that without a realistic picture of actual demand in Europe, there is “a danger that subsidies will not be really effective”. A number of industry associations have already warned that Breton should not focus subsidies one-sidedly on “leading edge” semiconductors with very small structure sizes. So far, Europe’s companies have hardly asked for such chips; in important customer industries such as the automotive industry or medical technology, significantly larger structures are in demand. Europe’s long-term strategy should promote the production of technologically leading components for key domestic industries “without limiting itself to certain structure sizes or technologies,” the industry association Semi just called for in a statement.
Wolfgang Weber, CEO of the industry association ZVEI, warns: “It is essential that Europe has competencies in all types of semiconductors”. The European Chips Act must create a favorable environment for investment – starting with the promotion of the establishment and expansion of production capacities, tax incentives, the acceleration of building permits, and the strengthening of the promotion of young talent.
SNV expert Hess also insists on not focusing too much on the chip factories. Other parts of the value chain, upstream chip design or downstream packaging of semiconductors, are just as important, she says. ” Advanced packaging, in particular, is becoming increasingly important to further improve chip performance,” she says. Here, however, Europe’s share is currently only five percent, she adds. Hess: “Here, too, the framework conditions must be improved, and not necessarily through subsidies.”
There is a website promoting the benefits of digital prescription. An app is also available for download and has already been downloaded tens of thousands of times. The e-prescription was to be one of the first mandatory applications in the digital healthcare system. But the Germany-wide mandatory launch failed to attract media attention a few weeks ago.
How the electronic prescription is supposed to work can be quickly summarized: Doctors’ offices create an electronic prescription and transmit it in encrypted form via the so-called telematics infrastructure to a server operated by Gematik, the national agency for the digitization of healthcare. Patients receive a QR code, either as a printout or digitally in the app. They show the QR code they have received at the pharmacy of choice. The pharmacist can then call up the corresponding prescription and dispense the medication.
After years of preparatory work and a six-month test phase, the electronic regulation was to be implemented on a mandatory basis on January 1st, 2022. But that has failed miserably. The new Federal Minister of Health, Karl Lauterbach (SPD), pulled the ripcord about a week before the deadline. Before that, the parties involved had more or less settled their differences in public.
Already in the test phase, Gematik had great difficulties in recruiting testers. In the beginning, only one software provider was willing and able to equip “their” physicians with the corresponding software, as the agency announced upon request. The manufacturer covers only three percent of the market. In total, there are about 160 providers in the extremely fragmented market for medical practice software.
Interest among health insurers was also manageable. Only two health insurance companies wanted to participate at the beginning of the test phase. Then the technology also caused problems, which was heavily criticized by the medical and pharmacy communities. The regional test phase was therefore extended until the end of November. However, this did not bring about the hoped-for turnaround.
In an unusual show of unity, some of Gematik’s shareholders, including the National Association of Statutory Health Insurance Physicians (KBV), the German Hospital Federation (DKG), the German Medical Association (BÄK), and the German Pharmacists Association (DAV), opposed the nationwide introduction of e-prescription in December: “The physicians, dentists, pharmacists, and hospitals appeal […] urgently to the legislator to provide for the use of the e-prescription for regular operation in practices only after a sufficient test phase and proven practicality,” according to a joint statement.
The KBV went even further and virtually canceled the mandatory introduction of the e-prescription on its own and without consultation with the partners: “If the pharmacies in spatial proximity to the practice are not able or not willing to receive and redeem e-prescriptions, the panel doctor’s practice can issue a paper prescription on sample 16 to the insured person,” was the recommendation that the KBV sent to the doctors. It is assumed that the necessary processes and components for the e-prescription “will be available across the board by mid-2022 at the earliest”.
The digitization authority does not see the technical problems noted by doctors and pharmacists as its responsibility. On July 1st, and thus on schedule, all prerequisites were created that fell within Gematik’s area of responsibility, it said in response to a query. As of today, e-prescriptions work technically almost everywhere.
The health insurance companies were not part of the alliance of doctors and pharmacists against e-prescription. On Twitter, Gematik Managing Director Markus Leyck Dieken nevertheless accused the umbrella organization of the statutory health insurance funds of not having participated sufficiently. For example, he said, the insurers had not sent their insureds the NFC-enabled electronic health cards needed to use the e-prescription app.
It recently became public that the CEOs of TK, Barmer, DAK-Gesundheit, AOK Bayern, IKK classic, Hanseatischer Krankenkasse, and BIG Direkt Gesund had contacted the new Minister of Health, Karl Lauterbach, in mid-December to promote their own e-prescription project.
According to media reports, the health insurer bosses offered to “continue and expand our functioning eRezept Deutschland project using the telematics infrastructure so that e-prescriptions can continue to be issued in Germany, and increasingly so.” However, the prerequisite is that in the future, the e-prescription will run via the Gematik app and cash register apps.
The answer from the Minister of Health, which is currently being prepared according to the BMG, is likely to disappoint the heads of the health insurance funds. According to the current legal situation, there is no room for the continued use of the health insurance app for electronic prescribing, the BMG said in response to a query. Only an app from Gematik may be used.
According to the Federal Ministry of Health, how the e-prescription will continue in Germany will be coordinated with the shareholders in the coming weeks. Gematik is to continue to closely accompany the test and rollout process. In addition, the Ministry of Health has ordered KBV, ABDA, and DKG to provide continuous updates on the level of equipment in pharmacies, practices, and hospitals starting this month. In return, Gematik is to provide its shareholders and the public with transparent information on the current status of the rollout.
After this high-profile failure, Germany continues to lag behind in an international comparison when it comes to the introduction of e-prescription. In most EU member states, including Croatia, Denmark, Estonia, Finland, Latvia, Lithuania, Norway, Portugal, Romania, Slovenia, Spain, and the Netherlands, e-prescribing has long been part of everyday healthcare, albeit not at the same level of development everywhere. In Austria, the test phase is currently underway. By mid-2022, e-prescription should be available nationwide.
In Estonia, Denmark, Sweden, Finland, and Portugal, electronic prescriptions are stored in a database and can be viewed by authorized doctors and pharmacists. In the digitization model country of Estonia, the e-prescription is linked to an electronic patient record (EPR). The practice software automatically uploads the prescription to the database. Patients then have to identify themselves at a pharmacy with their electronic health card in order to redeem it.
In Denmark, all prescriptions are processed via an app and can be viewed by both the doctor and the patient. According to a Bertelsmann study, it is also possible to transmit and cancel prescriptions electronically or to request follow-up prescriptions. Access to the country’s national health platform also runs via this app.
In other countries such as Italy, Spain, France, and the Netherlands, however, the exchange of prescription and medication data functions only regionally or partially. The reason for this is “regionally limited functioning systems or limited technical availability at national level,” according to the Bertelsmann analysis.
In addition, in Estonia, Finland, Croatia, and Portugal, it is possible to redeem electronic prescriptions across countries. The data exchange runs via the EU’s eHealth Digital Services Infrastructure (eHDSI), which connects national eHealth services. The basis for health data exchange is, among other things, the EU directive adopted in 2011 to ensure the treatment of European citizens across borders and enable member states to exchange health data securely.
But even cross-border exchange is going rather slowly. As recently as 2019, the Commission expected that up to 22 member states would be able to exchange electronic prescriptions and patient records from the end of 2021. The reality is disillusioning: Since 2019, only Croatia and Portugal have joined Finland and Estonia as pioneers.
A year and a half on from Schrems II, the US and EU are still looking for long-term solutions for transatlantic data transfers. Two ideas put forward are a comprehensive US privacy law, akin to the GDPR, and agreement on an “enhanced Privacy Shield“, by US Department of Commerce and European Commission.
While a US privacy law would solve this problem, it is unlikely to happen, at least in the short term. Advocates have tried and failed for decades. In contrast, an enhanced Privacy Shield program is likely to occur but is a doomed effort without accompanying legislative reform of the US’ surveillance practices.
Schrems II clearly states that “the legal basis which permits the interference with [fundamental] rights must itself define the scope of the limitation on the exercise of the right concerned.” Read literally, this language places the onus on Congress to remedy the grievances identified by the CJEU, which forecloses an enhanced Privacy Shield alone.
However, if paired with a modest reform of US surveillance practices targeting the specific concerns raised by the CJEU, an enhanced Privacy Shield could be a viable stop-gap measure until a federal privacy law could be enacted in the years to come.
This article proposes that option as a viable middle-of-the-road option: passing a Privacy Shield Enabling Act (PSEA) modifying US foreign intelligence surveillance law to add safeguards and remedies. Through such reforms, Congress could enable an “enhanced Privacy Shield” program to survive a legal challenge at the CJEU and thus enable organizations who need to transfer personal data across the Atlantic for operational and business purposes to do so.
The core requirements that the PSEA will need to remedy the CJEU’s concerns fall into two categories:
With those proposals in mind, the PSEA should amend FISA by
Assuming the PSEA would enable a Privacy Shield replacement program to survive review by the CJEU, it would still need to survive the American political process and judicial review by American courts, which is not a guarantee. FISA reform has been a target for privacy activists for many years, with little success. As domestic terrorism becomes a more salient issue than international terrorism, Congress may not want to prioritize FISA reform. Another issue with the PSEA is the separation of powers in US constitutional law. EO 12,333 is independent of FISA, so it would not be affected by the other reform measures above unless the PSEA had a seventh proposal:
Including this seventh proposal could render the PSEA vulnerable to a separation of powers challenge, but excluding EO 12,333 and focusing solely on FISA reform might not be enough for the PSEA to achieve its purpose. The President could always unilaterally end the problematic EO 12,333 practices and remedy the issue that way. However, policy changes with administrations, and a future President who is more hawkish on national security could reverse course and reimplement the problematic practices, reigniting this problem anew.
In the context of EU-US data transfers, there are many stakeholders with competing interests. One important group to bring to the table is the US Intelligence Community, whose participation is necessary to develop a full version of the PSEA with meaningful safeguards. The Intelligence Community may be hesitant to participate because they currently enjoy broad access to personal data. However, if these data flows are a beneficial source of information, then failing to implement modest reform risks losing them in their entirety. It is therefore in the Intelligence Community’s interest to help implement some form of the above proposals.
Finding common ground between these actors is difficult but not impossible. The US, EU, and global economy all stand to lose if these data transfers cease. The PSEA is a framework on which all stakeholders can work together to build a solution.
This viewpoint is based on a publication by the author in the Minnesota Law Review.
