There was once hope …
In the aftermath of World War II, many nations realized the importance of protecting universal human rights. Nazi Germany’s use of personal information to conduct the systematic eradication of an entire race united the world in a common cause. The use of national legislation and policies by the Axis Powers during the Second World War to suppress individual human and privacy rights was also a causal factor.
On December 10, 1948, the UN General Assembly proclaimed the UN Universal Declaration of Human Rights, which advocated for the global and universal protection of human rights. The major European nations and the U.S. were among the 48 original signatories of the declaration. This momentous date should have marked the beginning of a long-term collaboration and partnership between Europe and the U.S. on global data and information privacy protection issues and topics.
However, it did not.
Despite current differences, we believe there is hope that the EU and the U.S. can identify opportunities to adopt a shared vision for global information privacy protections and rights.
Opportunities for convergence
The EU-U.S. Safe Harbor Agreement’s revision could serve as an opportunity for greater collaboration between both regions for the transfer of data and associated information-privacy issues. More importantly, it might allow European, U.S. and other international privacy advocacy organizations to serve as impartial “watchdogs” that ensure U.S. compliance with Safe Harbor.
Recently, the Center for Digital Democracy (CDD) and some members of the European Parliament called for the suspension of Safe Harbor in light of a U.S. Federal Trade Commission (FTC) investigation into whether some U.S. companies have not willfully complied with the agreement’s provisions.
The CDD is partnering with the Trans-Atlantic Consumer Dialog, a consortium of European consumer rights groups, in an effort to force the FTC to act more aggressively in enforcing Safe Harbor. And though we find it interesting to see a U.S. information privacy advocate (CDD) calling on the FTC to suspend Safe Harbor until it can be completely overhauled, we also find it encouraging and perhaps the beginning of a privacy advocacy community with a shared perspective on information privacy rights as a “human right.” This has been espoused by CDD Executive Director Jeff Chester, who said, “CDD favored the EU’s approach to privacy as a human right.” We encourage other U.S. privacy advocates to take similar public stances as it relates to U.S. companies’ compliance with Safe Harbor.
While the European Parliament has supported calls for Safe Harbor’s suspension in lieu of its revision, the European Commission has strongly opposed that recommendation, believing the community can work through the issues without a major overhaul.
The FTC should leverage the growing support for the revision to convince the European Commission to overhaul Safe Harbor to make it more effective and enforceable. This collaboration might also serve as a starting point for reaching a common perspective between the EU and the U.S. transborder data flows and information privacy protections.
Some critics of Safe Harbor have cited the following shortcomings as factors for why it has failed to achieve its desired objectives:
- A perceived lack of transparency regarding the privacy policies of some Safe Harbor participants;
- A lack of active enforcement of the Safe Harbor Framework by the U.S. government, and
- A failure of some Safe Harbor self-certified companies to actually comply with the principles
We believe the FTC’s current investigation of 30 U.S. firms for alleged violations of Safe Harbor’s provisions simply reinforces these stinging criticisms.
Is there still hope for Safe Harbor?
There is still hope for Safe Harbor; however, it will require a great deal of commitment by companies to comply, the FTC to enforce and compromises by both the U.S. and EU to reach consensus on a common understanding of its meaning and intent.
U.S. desire to reach an agreement with the EU on the Transatlantic Trade and Investment Partnership (TTIP) will serve as a major impetus for both entities to quickly resolve their differences regarding Safe Harbor. The TTIP’s success will depend heavily on the EU’s ability to transfer consumer data to the U.S.
Additionally, the European Commission and European consumer protection groups will be less likely to support this transfer of data without some evidence that U.S. companies will comply with the EU’s Data Protection Directive and other EU data protection legislation.
We recommend the Department of Commerce (DoC), the European Commission and the FTC establish an EU-U.S. Safe Harbor Agreement Reform Subcommittee in light of Safe Harbor’s potential negative impact on the TTIP. This subcommittee would initially focus its efforts on addressing the European Commission’s recommendations made in its November 2013 critique of Safe Harbor. The critique made several recommendations, which included the following recommended areas of improvements:
- More active enforcement activity by U.S. authorities;
- Safe Harbor participant companies make their privacy policies publicly available while providing links to such policies on the DoC’s website;
- Safe Harbor participants notify the DoC of any transfers of personal data to third parties;
- Safe Harbor companies detail the circumstances under which U.S. authorities may access EU personal data processed by that company.
The three entities should strive to reach some consensus and compromise on which of the recommendations best address Safe Harbor’s current shortcomings.
Next, we strongly recommend the DoC and the FTC conduct their own assessment of Safe Harbor’s effectiveness in discouraging non-compliance.
It is time for Safe Harbor to transition from a voluntary, self-certification process to one of stringent enforcement coupled with hefty fines and penalties for noncompliance. The revised Safe Harbor agreement must dissuade disreputable and unethical U.S. businesses from violating Safe Harbor’s provisions by opting to do the “easy wrong over the hard right” of complying with it.
If you want to comment on this post, you need to login.