Safe Harbor Can’t be Fixed, Should Be Terminated, Say U.S. Privacy Advocates, EU Lawmakers
The safe harbor agreement for transfer of European citizens’ personal data to the U.S. should be scrapped, said U.S. privacy and consumer advocates and EU lawmakers Wednesday. The U.S. Department of Commerce is “flying blind” on safe harbor, said Center for Digital Director Executive Director Jeffrey Chester in an interview. Commerce doesn’t look at the data protection practices of U.S. businesses in the U.S. or EU, so before it responds to European Commission recommendations for cleaning up safe harbor (bit.ly/IorNGe), it should order an in-depth FTC study on what U.S. businesses are doing and collecting, he said. That report will likely find that industry is using the program as a “smokescreen” to cover up European data, he said. Chester also said CDD is trying to encourage European consumer groups to file complaints with the FTC. He and other civil society groups took part in a Commerce Department International Trade Administration meeting, closed to the press, to discuss the recommendations.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
In a November report on how safe harbor is working (CD Nov 29 p7), the EC made 13 recommendations on ways the U.S. could fix the problems. But it’s “clear” that safe harbor isn’t working, can’t be made to work and should be scrapped, Consumer Federation Director of Consumer Protection Susan Grant told us in an interview. U.S. companies should have to comply with EU data protection law when dealing with EU citizens’ information, she said. The EC proposals are “well-intentioned but much too weak” to fix the problems with safe harbor, Grant said. One key issue is that safe harbor is an exception to compliance with EU privacy law and, even if followed to the letter, fails to safeguard Europeans’ data, she said.
The Electronic Frontier Foundation has always looked askance at the entire safe harbor framework, said Senior Staff Attorney Lee Tien in an interview. It’s not clear whether it has ever worked usefully for Europeans, he said. Nor has EFF been impressed by the degree of compliance with or enforcement of the program, he said. The EC recommendations won’t make much difference for Europeans, he said.
The EC and Council of the European Union, meanwhile, pushed back against calls to end safe harbor immediately. Dimitris Kourkoulas, deputy foreign affairs minister for the Greek EU Presidency, stressed at a Wednesday European Parliament plenary debate that the decision on safe harbor falls to the EC. EU governments strongly support the EC conclusions that the U.S. must respect the privacy principles of proportionality and necessity, and that some safeguards under U.S. law are available only to Americans, he said.
The Council also agrees on the need for more transparency for transfers of personal data to U.S. companies under safe harbor, Kourkoulas said. Governments want the EC to continue its “constructive, rigorous dialogue” with U.S. officials on the points it has raised, he said. He urged lawmakers to give the EC sufficient time to do so.
The European Parliament and EC have spoken with one voice on the implications of National Security Agency surveillance, and it was heard in the U.S., said EC Justice Commissioner Viviane Reding. The U.S. also understood that it needs to rebuild trans-Atlantic trust, she told lawmakers. “There are deficiencies” in the safe harbor scheme, and EU data subjects must be able to trust that if their information is transferred to the U.S., it won’t be “routinely screened by the NSA,” she said.
Safe harbor is meant to “be an island of EU-style data protection in the U.S.,” said Reding. It’s up to the U.S. now to take action on the EC recommendations, she said. Remedies must be identified by summer and implemented “very soon” thereafter, with open consultation and debate in Parliament, she said. If the U.S. doesn’t act, the EC will decide the next steps, she said. Reding continued her push for a speedy conclusion to talks on data protection reform legislation, saying it will be on the table at an informal Council meeting next week.
Some MEPs, however, want quicker action, they said. The European People’s Party insists on “pressure on Washington” because the question is whether the U.S. is a safe harbor at all, said Manfred Weber of Germany. If the agreement isn’t put to the test, data protection reform will be undermined, he said. He asked the EC to cancel the agreement to force the U.S. to recognize that although Europe is its friend, it won’t put up with having its citizens treated as second-class citizens with no right of redress, he said.
Although the EC statement recognized safe harbor’s problems, its recommendation may not be good enough, said MEP Claude Moraes of the Socialists and Democrats and the U.K., author of the Civil Liberties, Justice and Home Affairs Committee report on the parliamentary probe of U.S. mass spying. The EC and Parliament must ensure that safe harbor is fixed to show the legislative inquiry has real meaning, he said.
The EC proposal for fixing the agreement is “good, but not good enough,” said MEP Sophie In ’t Veld of the Alliance of Liberals and Democrats for Europe and the Netherlands. Safe harbor doesn’t provide any protection for European citizens, only legal coverage for companies that process their data, which lawmakers have warned the EC about for years, she said. The U.S. shouldn’t be given even more time to resolve the problems, and safe harbor should be suspended “today,” she said. That will create the necessary sense of urgency for the U.S., EC and companies to start working on real solutions, she said. If the EU doesn’t stop the circumvention of its rules by U.S. companies by ending safe harbor, it will lose sovereignty and voter confidence, said Jan Albrecht of the Greens/European Free Alliance and Germany.