Reports of ‘Safe Harbor’ Demise are Premature?

~ Peggy Reetz

Brill addresses Issues at IAPP Data Protection Congress in Brussels
HiRes

FTC Commissioner Julie Brill delivered remarks at the IAPP Data Protection Congress in Brussels today along with one the EU’s Commissioners, Constantijn van Orange-Nassau.  Commissioner Brill acknowledged some of the criticism being leveled at the U.S.-EU Safe Harbor Data Protection process in light of revelations from the Edward Snowden-NSA so-called spying scandal.  Snowden’s disclosures included copies of PowerPoint presentation slides identifying the NSA’s PRISM program, which program reportedly allowed the NSA to gain access to the private communications of users of nine popular Internet services (including Google, Yahoo!, Facebook, Microsoft and others).  The Safe Harbor framework is supposed to allow for the transfer of such personal data in compliance with the EU Data Protection Directive.  The FTC is responsible for compliance enforcement, once an entity self-reports to the U.S. Department of Commerce.

As a result of the revelations, certain EU principals began to question the efficacy of the terms of transferring data between U.S. and EU entities, via the Safe Harbor program.  See remarks from Vice President Reding as of July 2013:

http://europa.eu/rapid/press-release_MEMO-13-710_en.htm

–“PRISM has been a wake-up call. The data protection reform is Europe’s answer.”

–“The Safe Harbour agreement may not be so safe after all.”

Now, Commissioner Brill acknowledges the issue and responds, in part:

–“[Safe Harbor is a] very effective tool for protecting the privacy of EU consumers … the FTC has vigorously enforced the Safe Harbor.”

–“We’ve taken the initiative to look for Safe Harbor violations in every single privacy and data security investigation we conduct. That’s how we discovered the Safe Harbor violations of Facebook, Google and Myspace.”

–“[Safe Harbor has]received its share of criticism in large part due to revelations about government surveillance. There’s no doubt that has created tensions in the transatlantic partnership.”

Commissioner Brill likewise took to Twitter to drive home the point:  “Safe Harbor is strong – can help make it strong; increase transparency; make ADR more affordable; strengthen accountability #dpcongress”

BrillTweetsreEU

BrillSafeHarborttweets


See article at:

https://www.privacyassociation.org/publications/eu_u.s._officials_indicate_potential_privacy_agreement_at_data_protection_c

Her EU colleague took the opportunity to outline what should be the focus for these cross-Atlantic partnerships: 1) a standard commitment to Privacy by Design; 2) any Big Data applications that might put fundamental rights at risk should have a privacy impact assessment required; 3) consent is a cornerstone of data protection; and, 4) there needs to be a commitment to de-identification.

euflagth4P2UWF78

Brill, for her part, Tweeted a photo of the two privacy regulators engaged in conversation; apparently, doing some one-on-one diplomacy to try to calm these choppy waters!
brilltweets

blue anchor

Published by Peggy Reetz

Lawyer in Chicago who advises insurers and other clients on cyber, tech, privacy, media risks and trending legal issues

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.