Finally! Safe Harbour Agreement under question by EU commissioner
This article is also available in:
Deutsch: Endlich! EU-Kommissarin stellt „Safe Harbor“-Abkommen in Frage
On 19 July 2013, during the informal Justice Council in Vilnius, Lithuania, EU justice commissioner Viviane Reding stated for reporters that her services will be reviewing the so-called Safe Harbor Agreement.
The agreement, concluded 13 years ago between the US department of commerce and the European Commission, based on a clause in the current 1995 EU Data Protection Directive, does no longer seem as "safe" as the title currently implies.
"The Safe Harbour agreement may not be so safe after all. It could be a loophole for data transfers because it allows data transfers from EU to US companies – although US data protection standards are lower than our European ones. I have informed ministers that the Commission is working on a solid assessment of the Safe Harbour Agreement which we will present before the end of the year," said Reding.
Within the agreement, around 3 000 companies have voluntarily signed up to follow a binding set of data transfer rules based on seven principles - notice, choice, onward transfer, security, integrity, access, and enforcement. However, the agreement includes low data protection standards.
In 2010, the US consultancy company Galexia found a number of irregularities in the agreement and reported that 200 companies had falsely claimed to have joined the agreement and that only 350 companies had complied with the minimum standards of the agreement.
Hence, the US Federal Trade Commission (FTC) has issued orders on Twitter, Google, Facebook and MySpace to be regularly audited and in November 2012, asked Google to pay out 22.5 million dollars for having planted cookies on Apple’s Safari Internet browser.
Reding’s announcement on Safe Harbor comes in the context of the PRISM programme revelations which have pushed the European regulators to finalise negotiations on the data protection regulation and its adjoining directive, the post-Stockholm programme on future justice priorities. The German and French ministers have sent a joint-letter to the legislative saying that the negotiations between the European Parliament and the member states for the data reforms should be finalised before the end of the Lithuanian EU Presidency that is, by the end of 2013.
“It is good to see that the French and German ministers have reaffirmed, in a joint declaration, that we need a high level of data protection for European citizens, which strikes the right balance between freedom and security.
It is also good to see that they have both committed to quickly adopting the reform of Europe's data protection rules that the Commission put on the table in January 2012.
PRISM has been a wake-up call. The data protection reform is Europe's answer," said Reding in Vilnius.
EU questions decade-old US data agreement (22.07.2013)
Informal Justice Council in Vilnius (19.07.2013)