US startups may now find it harder to serve European users
US tech startups, and indeed other companies that serve European customers, may see some legal challenges down the road. President Trump signed an executive order invalidating the personally identifiable information (PII) privacy rights of anyone who’s not a US citizen or legal permanent resident. One of the provisions in the executive order is as follows:
Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.
This wrinkle makes it hard for the US to hold up its end of the bargain in the Data Shield agreement, which ensures that the personal data of European Union citizens, held to more stringent privacy standards, remains private when stored on US-based servers. The weakening of noncitizen PII privacy protections may cause the European Commission to revoke its participation in the Data Shield agreement. Such a development would mean there would no longer be a legal framework for PII of European Union citizens to reside on US servers.
Tech startups take note: there may be a bumpy road ahead. It would be worthwhile consulting your legal counsel about implications for your privacy policies.