ITIF: Invalidating Data Safe Harbor Would 'Wreak Havoc'

The Information Technology & Innovation Foundation (ITIF) is warning the EU and U.S. against nullifying the Safe Harbor Framework agreement for the cross-border exchange and protection of sensitive information between the U.S. and EU member countries, saying to do so "would wreak havoc on global digital commerce."

The U.S.'s ability to protect that sensitive info came into question in the wake of the Edward Snowden revelations.

"Instead of nullifying the Safe Harbor, policymakers in the United States and EU should work together to make a number of much-needed privacy reforms." ITIF said, including making clear the national security exception is only used when strictly necessary and is proportionate to a particular incident.

That also includes Congress passing the Judicial Redress Act, says ITIF, which would allow "non-U.S. citizens to bring civil actions against the United States for violating the Privacy Act." ITIF also backs reforms of the Foreign Intelligence Surveillance Act.

In a decision that could affect the flow of data from Europe to the U.S., a senior  European Union legal official two weeks ago advised the EU's Court of Justice that the U.S. cannot ensure adequate privacy protections of European Facebook subs' information transferred to U.S. servers due to mass government surveillance and that the 2000 Safe Harbor agreement that suggested the U.S. did provide that adequate security is invalid.

Advocate General Yves Bot was providing guidance to the court, which had asked whether that safe harbor agreement precluded investigating a complaint that, in light of the Snowden revelations about NSA surveillance activities, the U.S. offered no real protections, the Safe Harbor agreement notwithstanding. (http://www.multichannel.com/news/policy/eu-legal-official-slams-us-mass-...).

The European Commission is currently negotiating with the U.S. on some of the safe harbors "shortcomings," Bot conceded, but said the EC should have suspended that safe harbor decision since, by the very fact of negotiating new protections, it was conceding the 2000 decision was no longer "adapted to the reality of the situation."

In an alert following Bot's advisory, law firm Mintz Levin warned companies that transfer personal data from the Europe to the U.S. (it says there are over 4,000 of those) that they needed to start looking at alternatives (http://www.mintz.com/legal-insights/alerts/articletype/articleview/artic...).

According to various accounts the court is expected to rule on that complaint and the validity of the safe harbor.

"If the United States and Europe do not come together to resolve these issues, both parties will suffer greatly. If EU data cannot be stored or processed in the United States, it damages European users of technology, both businesses and consumers," said ITIF.

John Eggerton

Contributing editor John Eggerton has been an editor and/or writer on media regulation, legislation and policy for over four decades, including covering the FCC, FTC, Congress, the major media trade associations, and the federal courts. In addition to Multichannel News and Broadcasting + Cable, his work has appeared in Radio World, TV Technology, TV Fax, This Week in Consumer Electronics, Variety and the Encyclopedia Britannica.