Dec 21, 2015 - 9:00am

Safe Harbor and Reforms to U.S. Surveillance



Senior Director, European Affairs
Senior Director, U.S.-UK Business Council

The U.S. Chamber of Commerce and many of our member companies are deeply concerned about the broad implications of the ECJ’s recent Schrems decision to invalidate the U.S.-EU Safe Harbor data transfer agreement. If transfers of personal data to jurisdictions deemed inadequate—now defined as places (including the United States) that lack “sufficient democratic controls” over law enforcement and national security activities—are prohibited, then the Court’s finding that Safe Harbor no longer serves to provide “adequate” protections is just the tip of the proverbial iceberg. It is difficult to see how other data transfer mechanisms including model contract clauses, binding corporate rules, or even express consent can work between the EU and any inadequate jurisdiction under those circumstances.

As it happens, the European Parliament Research Service recently put together a very detailed report on China’s data protection inadequacy notes that it would be “impractical” to prohibit transfers to that country given the importance of the economic relations between the EU and China. Never mind, apparently, the fact that the economic relationship between the EU and the U.S. is much larger.

In response, the Future of Privacy Forum has recently written an important and extensive report by Senior Advisor Peter Swire detailing recent changes to US surveillance and privacy, and how they should be viewed in light of the Safe Harbor decision. Swire has been critical of certain US surveillance laws and programs in the past, and served as one of five members of President Obama’s Review Group on Intelligence and Communications Technology; many of the Review Group’s recommendations bear his imprint. In brief, Swire argues that there are extensive legislative and judicial controls over the U.S. government’s use of electronic surveillance for law enforcement and national security purposes, and that these democratic controls have been strengthened considerably since 2013.

The uncertainty surrounding the EU’s political and legal intentions on digital issues, including in light of the new General Data Protection Regulation and Directive, has significant implications for Europe’s economy and social welfare, as it affects the business community from the United States, Europe and globally. In the end, a reasonable balance must be found between the fundamental right to the protection of personal data and the fundamental freedom of Europe’s citizens to send their data even to jurisdictions that are clearly wholly inadequate, such as Russia or China. How the issue of Safe Harbor and the United States more broadly will be treated in this context will be critically important for consumers and companies on both sides of the Atlantic.

 

About the Authors

About the Author

Peter H. Chase was formerly Vice President for Europe for the U.S. Chamber.

About the Author

Garrett Workman
Senior Director, European Affairs
Senior Director, U.S.-UK Business Council

Garrett Workman joined the U.S. Chamber of Commerce in June 2015.