Safe Harbor: Time for a Fresh Look?

Safe Harbor: Time for a Fresh Look?

The fallout from the NSA revelations continue to make the national headlines.  But the impact isn’t simply limited to the government’s use of data.  Last week, the Chairman of the Article 29 Working Party wrote to the Vice-President of the European Commission to express “great concern” about PRISM and related intelligence programs, including how these programs impact companies’ compliance with the U.S.-E.U. Safe Harbor Program.  While the Safe Harbor does have a carve out for national security, the Article 29 Working Party “has doubts whether the seemingly large-scale and structural surveillance of personal data that has now emerged can still be considered an exception strictly limited to the extent necessary.”  The letter goes on to remind Member States that they have authority to suspend data flows where there is substantial likelihood that the Safe Harbor principles are being violated.

This is only the latest in a growing group of voices in the E.U. to question whether the Safe Harbor is working.  Germany’s data protection commissioner, for example, blogged that the United States data protection framework is lacking and that Safe Harbor “cannot compensate for these deficits.”   And just last month, Vivian Reding, Vice-President of the European Commission, called the Safe Harbor “a loophole” that “may not be so safe after all,” and has requested a full review of the program by year-end.

The Safe Harbor has been criticized in the past.  For example, one 2008 report found that a number of companies were falsely claiming to be in the Safe Harbor when they in fact had allowed their certifications to lapse.  However, in the years since it was last seriously assessed, there have been a number of positive developments.  The FTC has stepped up its enforcement efforts and settled a number of cases for Safe Harbor violations.  And, the number of companies to sign up to the Safe Harbor has grown.

We think that, in light of these concerns, it may be time to take an objective look at the Safe Harbor program.  As the European Commission undertakes its review, we should examine the current protections the Safe Harbor offers, as well as the compliance and enforcement efforts undertaken by both the E.U. and the U.S.  Let’s see what is working, and what isn’t.  And, if there are ways to make the Safe Harbor better, we should step up to the plate and offer solutions.

Leave a Reply


Privacy Calendar

Sep
15
Mon
all-day Big Data: A Tool for Inclusion or Exclusion? @ Constitution Center
Big Data: A Tool for Inclusion o… @ Constitution Center
Sep 15 all-day
The Federal Trade Commission will host a public workshop entitled “Big Data: A Tool for Inclusion or Exclusion?” in Washington on September 15, 2014, to [...]
Sep
17
Wed
all-day IAPP Privacy Academy and CSA Congress 2014 @ San Jose Convention Center
IAPP Privacy Academy and CSA Con… @ San Jose Convention Center
Sep 17 – Sep 19 all-day
This fall, the International Association of Privacy Professionals (IAPP) and Cloud Security Alliance (CSA) are bringing together the IAPP Privacy Academy and the CSA Congress [...]
Oct
21
Tue
6:00 pm Consumer Action’s 43rd Annual Awards Reception @ Google
Consumer Action’s 43rd Annual Aw… @ Google
Oct 21 @ 6:00 pm – 8:00 pm
To mark its 43rd anniversary, Consumer Action’s Annual Awards Reception on October 21, 2014, will celebrate the theme of “Train the Trainer.” Through the power of [...]
Jan
28
Wed
all-day Data Privacy Day
Data Privacy Day
Jan 28 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The [...]
Jan
28
Thu
all-day Data Privacy Day
Data Privacy Day
Jan 28 all-day
“Data Privacy Day began in the United States and Canada in January 2008, as an extension of the Data Protection Day celebration in Europe. The [...]

View Calendar