Safe Harbor: Time for a Fresh Look?

Safe Harbor: Time for a Fresh Look?

The fallout from the NSA revelations continue to make the national headlines.  But the impact isn’t simply limited to the government’s use of data.  Last week, the Chairman of the Article 29 Working Party wrote to the Vice-President of the European Commission to express “great concern” about PRISM and related intelligence programs, including how these programs impact companies’ compliance with the U.S.-E.U. Safe Harbor Program.  While the Safe Harbor does have a carve out for national security, the Article 29 Working Party “has doubts whether the seemingly large-scale and structural surveillance of personal data that has now emerged can still be considered an exception strictly limited to the extent necessary.”  The letter goes on to remind Member States that they have authority to suspend data flows where there is substantial likelihood that the Safe Harbor principles are being violated.

This is only the latest in a growing group of voices in the E.U. to question whether the Safe Harbor is working.  Germany’s data protection commissioner, for example, blogged that the United States data protection framework is lacking and that Safe Harbor “cannot compensate for these deficits.”   And just last month, Vivian Reding, Vice-President of the European Commission, called the Safe Harbor “a loophole” that “may not be so safe after all,” and has requested a full review of the program by year-end.

The Safe Harbor has been criticized in the past.  For example, one 2008 report found that a number of companies were falsely claiming to be in the Safe Harbor when they in fact had allowed their certifications to lapse.  However, in the years since it was last seriously assessed, there have been a number of positive developments.  The FTC has stepped up its enforcement efforts and settled a number of cases for Safe Harbor violations.  And, the number of companies to sign up to the Safe Harbor has grown.

We think that, in light of these concerns, it may be time to take an objective look at the Safe Harbor program.  As the European Commission undertakes its review, we should examine the current protections the Safe Harbor offers, as well as the compliance and enforcement efforts undertaken by both the E.U. and the U.S.  Let’s see what is working, and what isn’t.  And, if there are ways to make the Safe Harbor better, we should step up to the plate and offer solutions.

Leave a Reply


Privacy Calendar

Sep
15
Mon
all-day Big Data: A Tool for Inclusion o... @ Constitution Center
Big Data: A Tool for Inclusion o... @ Constitution Center
Sep 15 all-day
The Federal Trade Commission will host a public workshop entitled “Big Data: A Tool for Inclusion or Exclusion?” in Washington on September 15, 2014, to further explore the use of “big data” and its impact[...]
all-day NIST Privacy Engineering Workshop @ San Jose Marriott
NIST Privacy Engineering Workshop @ San Jose Marriott
Sep 15 – Sep 16 all-day
Privacy is a challenging subject that spans a number of domains, including law, policy and technology. Notwithstanding numerous sets of principles, including the foundational Fair Information Practice Principles (FIPPs), that seek to address the handling[...]
Sep
17
Wed
all-day IAPP Privacy Academy and CSA Con... @ San Jose Convention Center
IAPP Privacy Academy and CSA Con... @ San Jose Convention Center
Sep 17 – Sep 19 all-day
This fall, the International Association of Privacy Professionals (IAPP) and Cloud Security Alliance (CSA) are bringing together the IAPP Privacy Academy and the CSA Congress under one roof, giving you access to even more valuable[...]
Sep
19
Fri
The NSA, Privacy and the Global ... @ Georgetown Law Center
The NSA, Privacy and the Global ... @ Georgetown Law Center
Sep 19 @ 1:15 pm – 2:45 pm
WHAT The NSA, Privacy and the Global Internet: Perspectives on Executive Order 12333 WHEN Friday, September 19, 2014 1:15 – 2:45 p.m. WHERE Georgetown University Law Center McDonough Hall, Room 200 600 New Jersey Avenue,[...]
Sep
23
Tue
Mapping Issues with the Web: An ... @ Tow Center for Digital Journalism/Columbia Journalism School
Mapping Issues with the Web: An ... @ Tow Center for Digital Journalism/Columbia Journalism School
Sep 23 @ 5:00 pm – 6:30 pm
On the occasion of Bruno Latour’s visit to Columbia University, this presentation will show participants how to operationalize his seminal Actor-Network Theory using digital data and methods in the service of social and cultural research.
Sep
26
Fri
Yale Day of Data @ Yale University
Yale Day of Data @ Yale University
Sep 26 @ 8:30 am – 5:00 pm
This day-long event will focus on data science and partnerships across industry, academia, and government initiatives. The day will also include presentations by eight Yale faculty and researchers on issues specific to research data management,[...]
Oct
11
Sat
City by Numbers: Big Data and th... @ Pratt Institute
City by Numbers: Big Data and th... @ Pratt Institute
Oct 11 @ 9:30 am – 6:00 pm
Big Data—the exponential growth and availability of information—is one of the defining phenomena of our time. It affects us all on different levels – with far-reaching social, environmental, and governmental significance. To help make sense[...]
Oct
21
Tue
Consumer Action’s 43rd Annual Aw... @ Google
Consumer Action’s 43rd Annual Aw... @ Google
Oct 21 @ 6:00 pm – Oct 21 @ 8:00 pm
To mark its 43rd anniversary, Consumer Action’s Annual Awards Reception on October 21, 2014, will celebrate the theme of “Train the Trainer.” Through the power of individual and small group trainings, Consumer Action each year is[...]

View Calendar