Saturday

23rd Apr 2022

EU questions decade-old US data agreement

  • Reding says US surveillance allegations is a "wake up call" for stronger data protection legislation. (Photo: eu2013.lt)

The European Commission is casting doubts on a 13-year old data sharing agreement with the United States.

EU justice commissioner Viviane Reding on Friday (19 July) told reporters in Lithuania’s capital Vilnius her services will be reviewing the so-called Safe Harbor Agreement.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

“We do have the impression that the Safe Harbor Agreement, might not be so safe, after all,” she said.

The agreement was hammered out in 2000 between the US department of commerce and the European Commission, based on a clause in the current 1995 EU Data Protection Directive.

The around 3,000 companies that have voluntarily signed up follow a binding set of data transfer rules between the US and EU based on seven principles - notice, choice, onward transfer, security, integrity, access, and enforcement.

The low data protection standards built into the agreement is possibly a loophole, noted Reding.

“I’m working on a solid assessment of the Safe Harbor Agreement and I will present this assessment before the end of the year,” she said.

The US Federal Trade Commission (FTC) enforces Safe Harbor.

Some European data protection authorities have also expressed their doubts the agreement.

German deputy privacy commissioner Marit Hansen of Schleswig-Holstein’s data protection authority says the rules are seldom enforced in substance.

“I assume that if I write to a company as a data protection authority ‘you are in Safe Harbor please give some information on these principles and how you implement them in your business’ they will answer. So far no one was able to answer my question because they are not prepared to do that,’ she told this website in April.

In 2010, the US consultancy company Galexia found a number of irregularities in the agreement.

They noted in a report that 200 companies claimed to have joined the agreement without ever having done so. They also found only 350 companies which complied with the minimum standards of the agreement and that only one court case had been issued in over a ten-year period.

The FTC has since been more proactive and has issued twenty year consent orders on Twitter, Google, Facebook and MySpace which require them to be regularly audited.

In November last year, the FTC required Google to pay out $22.5 million over claims the Internet giant planted cookies on Apple’s Safari Internet browser.

Reding’s announcement on Safe Harbor follows a morning session of informal discussions with EU ministers of interior, which also touched upon the EU data protection regulation and the post-Stockholm programme on future justice priorities.

The on-going media revelations about the US Prism surveillance programme has provided extra new incentives for legislators to finalise negotiations on the data protection regulation and its adjoining directive.

Both policies aim to harmonise data protection rules throughout the EU but have suffered numerous setbacks as euro-deputies struggle to reach compromises on the 4,000 or so amendments.

German and French ministers in a joint-letter said the legislative data reforms need to advance with an aim to finalise negotiations between the European parliament and member states before the end of the Lithuanian EU Presidency.

“The justice ministers of the two countries signed a joint declaration saying that we need a high level of data protection for European citizens, which strikes the right balance between freedom and security,” said Reding.

She urged other ministers to demonstrate a similar drive to turn the data reforms into a binding EU law.

EU data protection rules 'on schedule' despite delay

Despite not having begun formal deliberations in committee, the European Parliament is on course to define its position on the EU's new data protection regime by mid-2013, according to data privacy expert Sophie In't Veld.

EU Commission still assessing Hungary's anti-LGBTI law

In response to the EU probe, Hungarian prime minister Viktor Orbán's government called for a referendum on the anti-LGBTI legislation, but it failed to to muster enough votes earlier this month to be valid.

EU: Ukraine war makes internal rule-of-law fight essential

Hungary said the EU should demonstrate unity — instead of policing internal rule-of-law breaches. But top EU officials have defended ongoing procedures against Hungary and Poland over concerns of judicial independence and democratic backsliding.

EU: Ukraine war makes internal rule-of-law fight essential

Hungary said the EU should demonstrate unity — instead of policing internal rule-of-law breaches. But top EU officials have defended ongoing procedures against Hungary and Poland over concerns of judicial independence and democratic backsliding.

Latest News

  1. MEPs sue EU commission for Covid contract transparency
  2. Le Pen's new EU rhetoric masks same old ideas
  3. Putin's shadow hangs over decisive French vote
  4. How Putin primed Kazakhstan for evading EU sanctions
  5. China & EU must cooperate on green goals, despite divides
  6. US signals Iran-type ban on Russia trade
  7. EU makes bogus claims on Libya coast guard safety
  8. Slovenia's Janša faces tight elections amid criticism

Join EUobserver

Support quality EU news

Join us