The future of transatlantic data transfers was the topic du jour Tuesday for U.S. government officials in the White House, State Department and U.S. House of Representatives.
U.S. Vice President Joe Biden and EU Chief Executive Jean-Claude Juncker spoke over the phone about the need for a new agreement. According to a White House statement, "The vice president and President Juncker both underscored the importance of rapidly concluding a replacement to the Safe Harbor framework, which is vital to both the U.S. and European economies."
Additionally, U.S. Ambassador Daniel A. Sepulveda, the Deputy Assistant Secretary and U.S. Coordinator for International Communications and Information Policy, spoke in Brussels, Belgium, Tuesday about the U.S. privacy framework and surveillance reform. In bolstering the U.S. privacy regime, Sepulveda specifically cited the important role privacy professionals play. "Leading American firms," he said, "have chief privacy officers and other trained privacy professionals ... (who) help ensure that American entities' privacy practices evolve to reflect ever-changing technologies and practices; they know it is in their interest to do so and many are competing against each other to drive the best privacy protection solutions for consumers."
Plus, in two separate hearings—held by the House Energy and Commerce Committee and House Judiciary Committee—representatives from industry, advocacy and academia testified about the need for a new data-transfer agreement between the two regions.
It’s clear there is bipartisan support in the House to quickly reestablish a data transfer framework as well as recognition by some lawmakers that surveillance reform—particularly to Section 702 of the FISA Amendments Act of 2008—is a necessary component of a long-term solution with Europe. Lawmakers on both sides of the aisle also repeatedly called on their Senate colleagues to quickly pass the Judicial Redress Act.
Echoed throughout the day during both hearings was the assertion that disruption to transatlantic data flows is not just a Silicon Valley problem, but a deeply embedded issue across industry sectors and the economy as a whole.
And the economic costs are potentially gargantuan. The Brookings Institution’s Joshua Meltzer said that bilateral trade between the two regions totals near $1 trillion dollars annually, for example, and that in 2012 U.S. exports delivered online to the EU were valued at $140 billion.
“The U.S.-EU investment relationship is without peer,” said U.S. Chamber of Commerce Senior Vice President for International Policy John Murphy. “In short,” he added, “today, there are no Internet companies: There are only companies. And there is no Internet economy: There is only the economy.”
The particularly harsh effect of Safe Harbor’s invalidation on small- and medium-sized businesses was another concern that lawmakers focused on during the hearings.
Rep. Greg Walden (R-OR) noted that, according to the U.S. Department of Commerce (DoC), nearly 60 percent of the companies under the U.S.-EU Safe Harbor Agreement are considered small- or medium-sized. For these smaller organizations, alternative transfer mechanisms such as Binding Corporate Rules, Model Contracts or multiple, localized servers are simply out of the question due to cost, complexity as well as lack of efficiency and legal certainty.
Surveillance reform also made its way into both hearings. In the Judicial Committee hearing Tuesday afternoon, Rep. John Conyers (D-MI) said, “We need to have a thorough conversation about U.S. surveillance reform,” something Rep. Anna Eshoo (D-CA), earlier in the day, said was a giant elephant in the room.
At one particularly contentious back-and-forth during the morning’s Commerce Committee hearing, Rep. Mike Pompeo (R-KS) repeatedly called on Software Alliance President & CEO Victoria Espinal and the Chamber of Commerce’s Murphy to say whether their members collected personal data under Section 702. Both declined to comment.
However, both called for a rapid renegotiation of a second data transfer agreement as a short-term solution. Additionally, Espinal called on European authorities to allow companies more time to rework their transfer methods and on both regions to come up with a more stable, long-term solution.
“We need rapid consensus on a new Safe Harbor agreement,” said Espinal, acknowledging that the DoC and European Commission are already deep into a potential agreement. “We are cautiously optimistic about a 'Safe Harbor 2.0.' We do believe they will come to an agreement in the short term.” But that’s only a temporary solution, she said, repeatedly stressing the need for a long-term strategy.
“One potential place to start,” she testified, “is with a comparison of the European Union’s and United States’ rules and practices in relation to surveillance and law enforcement access to data.” One solution, she said, is to provide Europeans with a means of redress, noting the Software Alliance strongly supports the Judicial Redress Act.
Electronic Privacy Information Center Executive Director Marc Rotenberg went further, calling for a slew of updates to U.S. privacy law, including to the enactment of the Consumer Privacy Bill of Rights, the modernization of the U.S. Privacy Act, the creation of an independent data protection agency with enforcement authority and the ratification of the International Privacy Convention. Such updates, he argued, would not only solve the “Safe Harbor problem,” but also help the U.S. economy “because the ongoing failure to modernize our privacy law is imposing an enormous cost on American consumers.”
Rotenberg also said that Safe Harbor was flawed from the beginning. It was built upon solid principles, he noted, but the lack of enforcement was “not meaningfully exercised.”
The Software Alliance’s Espinal said, “we need to have a political environment that is constructive,” and called on Congress to “help Europeans understand our privacy system better,” citing the recently enacted USA FREEDOM Act as well as the House’s passage of the Judicial Redress Act as examples.
The Chamber of Commerce’s Murphy warned that increased calls for more localization—what several lawmakers and witnesses in the Judicial Committee hearing referred to as data protectionism—would cost the EU economy approximately 1.3 percent of their GDP. This would mean higher costs for its citizens, less competition and could have a chilling factor in the U.S. “We should care about that,” he said, “because they’re a big trading partner of ours, which could have an effect on our economy.”
Software & Information Industry Association Senior Vice President Mark MacCarthy broadened the consequences of the Safe Harbor invalidation to several international trade agreements. “A failure to establish a modernized transatlantic data sharing agreement … would greatly complicate negotiations on the upcoming TISA and TTIP trade agreements,” he testified.
Though the urgency is now clearly felt here in the U.S., there is still much work to be done to find a way forward on a data transfer mechanism. But clearly, the political motivation for U.S. lawmakers is alive and well.
“I hope the U.S. Congress sees this event as a wake-up call,” said Rep. Jerrold Nadler (D-NY) during the later Judiciary hearing. “It shouldn’t take an EU court to ensure we’re protecting our privacy.”
Top photo: U.S. Chamber of Commerce Senior Vice President for International Policy John Murphy testifying in front of the House Commerce & Energy Committee on U.S.-EU data transfers.