One PCLOB Nomination to Applaud and Three More to Urge

The nomination of Adam Klein as chairman of the Privacy and Civil Liberties Oversight Board (PCLOB) is a welcome move by the president. Klein has excellent credentials for this position, having served as a law clerk to U.S. Supreme Court Justice Antonin Scalia and most recently as a senior fellow at the Center for a New American Security. As readers of this site, to which he is a frequent contributor, know well, Klein is well situated to build upon the solid foundation created by previous PCLOB Chair David Medine. Now that the PCLOB will once again have a well-qualified chairman, the administration should rapidly nominate and appoint three additional members that will result in a fully-staffed board.

The PCLOB, an independent bipartisan government agency within the executive branch, supports many important functions related to citizens’ privacy and national security. Created in the aftermath of 9/11 to ensure the protection of civil liberties and security in the fight against terrorism, the PCLOB’s previous work on Section 702 of the Foreign Intelligence Surveillance Act (FISA), and Section 215 of the Patriot Act, was critically important in providing independent oversight of the US intelligence community. Prior to his nomination as PCLOB chair, Klein wrote about potential repercussions of the Board’s demise: “Counterintuitively [the PCLOB’s demise] would also have an immediate and detrimental effect for national security and counterterrorism. The board’s reports can help legitimize controversial programs and prove to skeptical allies that the U.S. prioritizes privacy protections.” As FISA is set to expire by the end of this year, and Congress and the Administration have been discussing its reauthorization, a fully functioning PCLOB will be especially critical in achieving the dual goals of providing national security and preserving individuals’ privacy rights. The unprecedented challenges ahead in the field of security and terrorism make the full PCLOB staffing urgent.

Moreover, the U.S. government has also frequently cited the PCLOB as helping ensure that the current EU-US legal framework for data transfer works effectively. Agreed by the U.S. Department of Commerce and the European Commission to replace the invalidated previous “Safe Harbor,” the Privacy Shield is a robust accountability scheme that creates a favorable transatlantic environment for data transfers. It is popular with businesses–particularly those that don’t have the resources to adopt time-consuming and more expensive instruments such as binding corporate rules or standard contractual clauses. In fact, over the past year, close to 2,500 organizations have self-certified through the Privacy Shield, according to the Department of Commerce. Preserving the Privacy Shield as an effective model for international data transfer is critical for the global economy, where growth and innovation across all sectors increasingly depend on the unencumbered access and use of data.

The first review of Privacy Shield is scheduled for this month, September 2017, and the PCLOB has a critical role to play to keep this instrument effective. Earlier this year, EU Commissioner Vera Jourova, the European Parliament and the Article 29 Working Party (WP29, comprising all EU Data Protection Authorities) raised multiple concerns about the PCLOB’s missing members and how this affects adversely the PCLOB’s oversight activity and undermines trust in global data transfers putting Privacy Shield at risk. A positive outcome of the Privacy Shield review would ensure the much-needed predictability of legal requirements for European and US companies and confirm the importance of the interoperability of legal systems to keep data flowing seamlessly around the world. Fundamental rights of EU and US citizens are at stake, as well as the societal benefits spurred by innovation and economic growth.

An adequately-staffed PCLOB, with members who have deep national security and privacy expertise, is necessary to protect citizens’ privacy and security, and, at the same time, to create a favorable environment for responsible data processing and for investments on both sides of the Atlantic. We need now the right people to make sure that the long lasting EU-U.S. relationship keeps being reflected in a successful cooperation in the field of data protection.Klein’s nomination as PCLOB chairman is a good start, and he should receive bipartisan support from the Senate. But it is only a start. The PCLOB still lacks a quorum to conduct any business. The Administration thus needs to fill the Board’s remaining three position as quickly as possible. The PCLOB’s work represents a model that other countries could use to provide more effective oversight of their intelligence agencies. By fully staffing the PCLOB, the US can provide global leadership in accomplishing the dual goals of security and privacy.

Editor’s note and disclosure: Intel is a generous financial supporter of Lawfare. This article, as with all articles, underwent Lawfare’s normal editorial process and review.