The Safe Harbour agreement is not the appropriate instrument to solve transatlantic tensions over government mass surveillance in the US. The issue should be addressed separately from the US-EU commercial agreement regulating data transfer, whose suspension would leave companies in the middle of a jurisdictional conflict they cannot themselves resolve.
The EU-US Safe Harbour agreement has been the subject of a great deal of interest in recent weeks. At the end of March the head of the Article 29 Working Party, which represents Europe’s data protection authorities, raised the subject in the context of mass surveillance of private data by US security agencies in front of the European Parliament’s Civil Liberties (LIBE) Committee.
At the same time Justice Commissioner Vera Jourova announced that she intends to conclude a revision of safe harbor with her US counterparts at the end of May. The debate is set to intensify this month as negotiators count down to the self-imposed deadline for revising the 14-year old bilateral agreement.
Amid all this attention it is worth pointing out a few things about Safe Harbour that have been overlooked in much of the media coverage of the subject, and to explain why it is so important to revise rather than suspend the mechanism.
The EU-US Safe Harbour agreement facilitates transatlantic transfers of commercial data by European and US companies of all sizes. It is a vital tool for a wide range of industries engaged in the trade in goods and services between the EU and the US.
The agreement needs to be refreshed and we support the efforts of the European Commission to improve it. We are confident that the reform of Safe Harbour can be achieved through political discussions between the two trading partners.
While respecting citizens’ right to privacy, we believe an improved Safe Harbour agreement must continue to facilitate data transfers conducted by law-abiding companies.
Any suspension of Safe Harbour would affect American and European companies alike, and it would be especially burdensome for small and medium size enterprises that use the mechanism for data transfers to the US.
A suspension would clog up perfectly legitimate, non-controversial, safe flows of non-personal as well as personal data, and it would therefore have significant economic consequences for the US and the EU.
Similarly, if national data protection authorities were empowered to override EU level agreements such as Safe Harbour, as suggested by some national data protection authorities last month during a hearing at the Court of Justice of the EU (CJEU), this would lead to the splintering of EU rules on international data transfers.
This in turn would undermine efforts to create a digital single market, and instead create even more fragmentation and legal uncertainty within the EU than there is today. At the heart of the case being heard in court last month is the issue of protection of a citizen’s private data from US security agency surveillance.
The tech industry in the US has joined forces with privacy groups in opposing efforts to extend bulk surveillance by US security agencies. In Europe we have been criticised by European security agencies for placing too high a priority on citizens’ privacy.
DIGITALEUROPE shares the concerns of the public and opposes the bulk collection of citizen’s data by state security agencies. However, the Safe Harbour agreement is not the appropriate instrument to solve this problem. Isabelle Falque-Pierrotin, Chair of the Article 29 Working Party said as much at a meeting with the European Parliament‘s LIBE Committee at the end of March.
Attempting to solve the problem through the revision of Safe Harbour would only deflect attention from the real discussions that need to occur.
It requires direct government-to-government negotiations on the norms in cyber surveillance and access by authorities. It cannot be resolved in a commercial agreement, which would leave companies in the middle of a jurisdictional conflict they cannot themselves resolve.
We urge the European Commission, which leads the European negotiating team, to treat this task separately from the revision of rules to allow for the transfer of commercial data from Europe to the US. For more information please read our position paper on the Safe Harbour revision.