President Donald Trump's actions could undermine years of intense negotiations over the sharing of commercial data and law enforcement information. | Getty Trump immigration order causes alarm among Europeans Provision instructing agencies to exclude foreigners from privacy protections causes concern over international agreements.

Mexico isn’t the only close ally and trading partner peeved by President Trump’s flurry of executive actions.

Trump also has caused alarm in the European Union with a line in his executive order on immigration instructing agencies to exclude foreigners from privacy protections, threatening to undermine years of intense negotiations over the sharing of commercial data and law enforcement information.


Trump’s aides didn’t consult agency officials who hashed out those agreements before he signed the order, according to two people familiar with the situation — another example of the White House taking action without the usual vetting that past presidents used to avoid a problem exactly like this one. Now those same officials and lawmakers who were blindsided are scrambling to reassure companies and European allies that the executive order doesn’t have the power to undo the agreements.

“It’s just a stick they’re beating foreigners with, without giving any thought to the diplomatic repercussions,” said a federal official who requested anonymity because the Trump administration has prohibited talking to journalists. “If agencies and Congress had been consulted or even given a heads-up, we would’ve been able to deal with this proactively and it wouldn’t have been an issue that ginned up the Europeans.”

It's not clear if the White House was aware of the agreements, but it didn’t seem to intend to unsettle them. A White House spokesman emphasized that the executive order says it will be “consistent with applicable law” and referred to the European Commission’s statement that the agreements aren’t affected.

The two agreements in question are Privacy Shield, negotiated by the Commerce Department and the European Commission to let companies meet data protection requirements when transferring personal data across the Atlantic, and the U.S.-EU Umbrella Agreement, which covers personal data exchanged for preventing and investigating crime and terrorism.

The EU treats the agreements as treaties. In the U.S., they rely on laws including the Judicial Redress Act of 2016, but not the Privacy Act that Trump referenced in his executive order.

The dust-up prompted the law’s sponsor, Rep. Jim Sensenbrenner (R-Wis.), to do “damage control,” as his chief of staff, Bart Forsyth, termed it. Sensenbrenner released a statement Friday seeking to clarify that law protects the agreements from the executive order, which specifically says “to the extent consistent with applicable law.”

“I urge our European allies to be patient as we transition into the new Administration. In particular, I think the reaction to President Trump’s new executive order is overblown,” Sensenbrenner said in a statement to POLITICO. “It would take an act of Congress to repeal it and there is no effort I’m aware of in either Congress or the Administration to do so. I remain committed to supporting both the Privacy Shield and the Umbrella Agreement—they are important pillars supporting the transatlantic relationship. I am prepared to defend them if they’re challenged, but the Trump administration has not done anything to undermine them.”

(The only vote in the Senate Judiciary Committee against the Judicial Redress Act came from Sen. Jeff Sessions, Trump’s pick for attorney general.)

The Trump administration has been working on a response to address the concerns since European officials reached out on Friday morning, and was preparing a public statement from the Commerce Department on Friday afternoon. The White House counsel’s office is coordinating the effort, according to one technology industry official briefed on the issue. A Commerce Department spokesperson declined to comment.

“It would be very helpful for someone in the new administration to clarify that this executive order is not designed to undo Privacy Shield,” said Julie Brill, the former commissioner of the Federal Trade Commission and now co-head of Hogan Lovells' Privacy and Cybersecurity practice. "These will be learning lessons for folks in administration that when similar efforts are underway there will probably be more questions asked to understand what the implications would be."

In the interim, European officials — and the tech companies that would suffer if the order undercut confidence in the data agreement — have taken notice. While the order doesn’t remove any rights directly afforded by the Privacy Shield, it adds to uncertainty around the deal, which was already being challenged in European court and is up for a scheduled review this spring.

The White House rolled out a burst of executive orders out of a desire to appear productive in Trump’s first week, a person familiar with his planning told POLITICO. The orders were written by senior policy adviser Stephen Miller and chief strategist Steve Bannon, according to people familiar with the matter. Some were drafted by transition officials who aren’t in the White House.

“There’s a lot of benefit to vetting something like this that has a bunch of potential consequences,” said Justin Antonipillai, who worked on Privacy Shield as counselor to Commerce Secretary Penny Pritzker. “Its not clear to me what they were trying to accomplish with that language. For the broader relationship between the United States and Europe on these issues, it doesn’t seem like a very good idea."

The Privacy Act provision was buried in an executive order about immigration, the same one that set deportation priorities and took steps to punish so-called sanctuary cities that don’t cooperate.

The controversy flared up when a prominent member of European parliament tweeted that the executive order meant the European Commission would have to suspend Privacy Shield and sanction the U.S. for breaking the Umbrella Agreement. That set off a panic among companies and EU officials struggling to understand the motivation for and implications of Trump’s action.

“I am here in Brussels now meeting with EU officials. The question they are asking is ‘Is Privacy Shield dead?’ ” said Marc Rotenberg, the president of the advocacy group Electronic Privacy Information Center. “I said no. But it is truly like a Jenga Tower. Take out enough blocks and it will collapse.”

But closer examination led most experts to conclude the executive order, while unsettling, would have little direct impact.

“Initially I thought, to quote Trump, this was huge. This is going to create a real, major problem for the privacy shield,” said Aaron Tantleff, an intellectual property lawyer at Foley & Lardner. “My fear has quieted down a little bit it is still there.”

The European Commission also tried to reassure countries and companies that the Privacy Act protections Trump eliminated were never the legal basis for the protections it obtained from the U.S.

“The Commission negotiated two additional instruments to ensure that EU citizens’ data is duly protected when transferred to the U.S.,” a spokesman said, referring to Privacy Shield and the Umbrella Agreement.

While U.S. officials and tech groups work to quell European fears, some Silicon Valley allies remain perturbed. Even though the order doesn’t undercut Privacy Shield protections, the order does direct agencies to reverse any internal policies affording Privacy Act protections to foreigners. That move is likely to affect the Department of Homeland Security, which had given foreigners some extra protections as a matter of practicality, and could further undermine European faith in the U.S. privacy outlook, Center for Democracy and Technology President Nuala O’Connor said.

“It simply sends the wrong signal,” she said.

Laurens Cerulus contributed reporting from Brussels.