The Center for Digital Democracy has told the European Union it should pull the plug on its Privacy Shield agreement with the U.S. because the U.S. is unable to shield that privacy.
That came in a letter to the EU, which had asked for CDD's input for its first-year review of the shield agreement, which was struck last year.
CDD cited a lack of privacy enforcement or oversight by the FCC and Federal Trade Commission.
It laid out a stark picture: "There is no effective legal framework to protect consumer privacy in the U.S., with inadequate enforcement of the weak policies in place and an overall failure to address the dramatic growth of data practices," CDD said.
The group cited the March 2017 Congressional Review Act nullification of FCC broadband privacy rules as one of the reasons the U.S. can't protect data privacy.
As for the FTC, CDD said even before the Trump Administration that commission has been "incapable of effectively addressing how to empower and protect consumer digital privacy."
CDD also says the "notice and choice" framework of the Privacy Shield is ineffective. It said it had studied some of the U.S. companies enrolled in the shield, comparing their statements to their actual data collection and concluded that the self-certification process is "inadequate and dangerous."
The Privacy Shield replaced the safe harbor agreement that a European Union court invalidated in October 2015 over concerns about the U.S. being able to hold up its end of the agreement given the government surveillance revealed by the Edward Snowden leaks.
The framework requires companies to provide notice of what personal information is being collected and stored, the purposes it is used for, and an "opt out" mechanism for not sharing it.