Their ears are ringing at the European Commission following the ECJ’s Safe Harbor decision. Last night, Commissioner Věra Jourová stood before Parliament to suffer their slings and arrows. Meanwhile, industry groups on both sides of the Atlantic lobbied Jourová, Commission President Jean-Claude Juncker, VPs Frans Timmermans and Commissioner Gunther Oettinger and seemingly anyone else with a position of influence in the data protection community for patience, clarity and swift action.
In Parliament, Jourová opened a special extra-plenary debate by trying to provide assurances that any response to the ECJ ruling will be uniform and not fractured into 28 interpretations by 28 data protection authorities, and that she will be meeting with the Article 29 Working Party today to help insure that.
Further, she said, “the U.S. side needs to address … its own legal order and practice” to attain adequacy with European data protection expectations. “After my first discussions with [U.S. Commerce Secretary] Penny Pritzker, I remain confident that this is possible. I’m encouraged by the USA FREEDOM Act and the Judicial Redress Bill, which specifically addresses the situation.”
However, she said, “we will be clear that we need guarantees to the right to data protection … I will go to Washington in mid-November to discuss the issue.”
Finally, she called on Parliament to lobby their counterparts in the U.S. Congress in the same way that she is working with the executive branch in the United States.
“This is an important issue for our wider relationship with the U.S.,” she said, “our key strategic partner, both politically and economically.”
This did not, however, seem to mollify those in Parliament who are upset with what they perceive to be a lack of foresight and action on the part of the Commission.
“For years now, the Christian Democrats have been emphasizing that it’s not a Safe Harbor for our privacy,” said German MEP Birgit Sippel. “And this degenerated further with the revelations from the NSA, where actually our data became a self-service shop for the U.S. intelligence community, in the interest of national security and without being asked … The Commission should never have played along with the U.S. in this area.”
She had direct words for the U.S. as well: “They’ll have to dust off their legislation and build in the requisite safeguards. They’ve admitted to this. They’ve owned up. The U.S. intelligence agencies have greatly exceeded their remit by a substantial margin.”
Nor is it just Safe Harbor that’s affected and in the balance. Dutch MEP Sophia in ‘t Veld noted that there are data protection provisions in a number of major agreements with the United States. “We need to study the implications for other policies,” she said. “The PNR [Passenger Name Record] Agreement. The Umbrella Agreement. TTIP. The Services Agreement.
“Privacy and data protection,” she continued, “contrary to Zuckerberg, is not a social convention. It’s actually a legal right, just like the right to life, the ban on torture and all the other fundamental rights … We don’t want a fence around the European Internet, but it takes two to tango. That means our U.S. friends will also have to move.”
Italian MEP Tiziana Beghin reiterated the point about the affect of the ECJ decision on other agreements, in stronger language:
“We’re preparing to sign the TTIP with a country that’s been spying on us and doesn’t even respect basic privacy standards,” she said. “They think data is something they can just buy and sell. Further we’re about to sign the trade and services agreement with them, and the Americans are just the first. China, Mexico and Pakistan want to sign up, too, and they’re not conspicuous for their protection of data protection either. Let’s stop this mad course of action before it’s too late.”
However, not every Parliamentarian was pleased with the Safe Harbor decision.
“We have a patchwork or decision-making across the EU,” said UK Conservative MEP Timothy Kirkhope, “where courts are determining policy before we legislate and this has to stop. We now need to find a fast and quality solution for data protection … We need to keep cool heads. We need a clear and immediate plan. And a better and stronger Safe Harbor agreement as soon as possible.”
Jourová closed the debate by reiterating that the Commission is trying.
“This is not easy to achieve,” she said. “We are in the field of non-EU jurisdiction and we have to also work with this fact.”
In the short term, she said she’s relying on the national DPAs to create a unified response and provide clear guidance. In the long term, however, “we need more pressure on the United States in the direction of their reform of national intelligence and a higher protection of privacy.”
In the meantime, “We need a new adequacy decision,” she said, “which will present a new system, something like a safer Safe Harbor.”
That is something with which industry can agree. Yesterday, Jourová, alongside Oettinger and Ansip, met with a number of industry association leaders to discuss the practical responses to the Safe Harbor invalidation in the context of a letter sent to President Juncker.
The organizations, including DIGITALEUROPE, the Computer and Communications Industry Association (CCIA), European Federation of Pharmaceutical Industries and Associations (EFPIA) and the European Publishers Council (EPC) specifically point to the “significant uncertainty” created by the Schrems decision.
Similarly, former U.S. Commerce Interim Secretary Cameron Kerry and Jacques Bourgeois, a 25-year veteran of the European Commission, sent a letter (supplied to the IAPP) to the Commission, along with A29WP head Isabelle Falque-Pierrotin and EDPS Giovanni Buttarelli, writing “on behalf of leading American businesses.”
They request in the letter that the addressed take a series of actions. They ask for affirmation that binding corporate rules and model clauses have not also been invalidated by the Schrems decision; that DPAs consider changes in U.S. law since the Schrems case was brought forward; that they complete negotiations on a new Safe Harbor; that they compare what European countries are doing in terms of intelligence surveillance with the practices of the U.S., and that they confirm the 4,000+ countries that have been operating under Safe Harbor are not now in some kind of legal jeopardy.
It is “vital,” they write, “that the Commission and Working Party act to sustain these essential data flows by recognizing explicitly (as both Mme. Falque-Pierrotin and the UK Information Commissioner have done) that a transition to a new basis for these vital data flows will take time.”
They note there was a transition period of three years when the Directive 95/46/EC was put into effect. How much times will former Safe Harbor firms have now?
If you want to comment on this post, you need to login.