At the International Conference of Data Protection and Privacy Commissioners in Mauritius this month, experts were focusing on one particular question. “What is the future of “Safe Harbour?”
Unfortunately almost everybody still avoids the truth: If you want to save the “Safe Harbour” principles you need to push for effective privacy legislation in the United States.
When the European Commission was negotiating the “Safe Harbour” principles in 2000 the digital market was just evolving. It agreed to a set of principles to safeguard the application of basic data protection principles during data transfer from the E.U. market to the U.S. market.
But at the same time, it allowed U.S. businesses to easily continue offering their products and services in Europe – although the data protection directive from 1995 was putting strict rules on them.
The only way to enhance data security is to push for effective privacy legislation in the United States.
After a decade of fragmented enforcement by the U.S. federal trade commission of the directive and the rapidly growing amount of data transfers to the U.S., European data protection authorities, civil society, competitors and politicians criticized the new principles for undermining the standards of the E.U.
When the European Parliament was finalizing its report on mass surveillance of E.U. citizens by intelligence agencies, it came to the conclusion that Safe Harbour needs to be suspended.
Since then a working group made up of the E.U. Commission and the U.S. commerce department has been trying to propose changes to the framework. But although they have already found some answers to a number of the raised questions, this will be too little and too late to save Safe Harbour.
In order to continue with a framework like Safe Harbour, the U.S. policy branch needs to make it clear that it values privacy, by passing legislation in the private sector. At the moment there is a Privacy Act from 1974, a code of conduct of how to deal with information on the collection, maintenance, use and dissemination of information about individuals but this is only applicable to public authorities. States pass their own laws on basic standards for the private sector. But in order to get the U.S. and the E.U. on the same page, there needs to be federal legislation on the private sector.
If U.S. politicians are unable to act on this issue, E.U. leaders will sooner or later terminate end the privileged access U.S. companies have to the European market.
Having traveled to Washington D.C. for five years on a regular basis and talked to different policy players about the opportunity for effective legislation, I am convinced that it is possible. With sufficient political will, a privacy framework that strengthens transatlantic relations and avoids loss of opportunities for U.S. businesses in Europe can still pass through Congress .
Several proposals by different members of both Houses in Congress and even White House papers have been put on the table. But no one has has yet had the courage to give it a real chance.
If U.S. politicians are unable to act on this issue , E.U. leaders will sooner or later terminate the privileged access U.S. companies have to the European market. It would be a shame, but an entirely reasonable course of action.
Europeans are no longer willing to accept loopholes that undermine the protection of their privacy and personal data. They are pushing politicians hard to set unambiguous and effective standards for the E.U. market and globally. And they are doing it with the broad support of consumers around the world, who are seeking someone to take the initiative to safeguard their rights and create a true safe harbor for their data.
More and more companies are taking advantage of the high data protection standards developed by European member states and E.U. based businesses in which they do not have to fear price dumping from outside and actors playing outside the rules.
This might be a turning point for U.S. policy makers who have to decide now whether to join the E.U. approach of bringing together a high standard of protection for data privacy and security on the one hand and a vivid and innovative single market on the other. I am convinced that it would be of paramount importance for the future chances of a transatlantic internet economy.
To contact the author: firstname.lastname@example.org