Sunday

4th Dec 2016

EU questions decade-old US data agreement

  • Reding says US surveillance allegations is a "wake up call" for stronger data protection legislation. (Photo: eu2013.lt)

The European Commission is casting doubts on a 13-year old data sharing agreement with the United States.

EU justice commissioner Viviane Reding on Friday (19 July) told reporters in Lithuania’s capital Vilnius her services will be reviewing the so-called Safe Harbor Agreement.

Dear EUobserver reader

Subscribe now for unrestricted access to EUobserver.

Sign up for 30 days' free trial, no obligation. Full subscription only 15 € / month or 150 € / year.

  1. Unlimited access on desktop and mobile
  2. All premium articles, analysis, commentary and investigations
  3. EUobserver archives

EUobserver is the only independent news media covering EU affairs in Brussels and all 28 member states.

♡ We value your support.

If you already have an account click here to login.

“We do have the impression that the Safe Harbor Agreement, might not be so safe, after all,” she said.

The agreement was hammered out in 2000 between the US department of commerce and the European Commission, based on a clause in the current 1995 EU Data Protection Directive.

The around 3,000 companies that have voluntarily signed up follow a binding set of data transfer rules between the US and EU based on seven principles - notice, choice, onward transfer, security, integrity, access, and enforcement.

The low data protection standards built into the agreement is possibly a loophole, noted Reding.

“I’m working on a solid assessment of the Safe Harbor Agreement and I will present this assessment before the end of the year,” she said.

The US Federal Trade Commission (FTC) enforces Safe Harbor.

Some European data protection authorities have also expressed their doubts the agreement.

German deputy privacy commissioner Marit Hansen of Schleswig-Holstein’s data protection authority says the rules are seldom enforced in substance.

“I assume that if I write to a company as a data protection authority ‘you are in Safe Harbor please give some information on these principles and how you implement them in your business’ they will answer. So far no one was able to answer my question because they are not prepared to do that,’ she told this website in April.

In 2010, the US consultancy company Galexia found a number of irregularities in the agreement.

They noted in a report that 200 companies claimed to have joined the agreement without ever having done so. They also found only 350 companies which complied with the minimum standards of the agreement and that only one court case had been issued in over a ten-year period.

The FTC has since been more proactive and has issued twenty year consent orders on Twitter, Google, Facebook and MySpace which require them to be regularly audited.

In November last year, the FTC required Google to pay out $22.5 million over claims the Internet giant planted cookies on Apple’s Safari Internet browser.

Reding’s announcement on Safe Harbor follows a morning session of informal discussions with EU ministers of interior, which also touched upon the EU data protection regulation and the post-Stockholm programme on future justice priorities.

The on-going media revelations about the US Prism surveillance programme has provided extra new incentives for legislators to finalise negotiations on the data protection regulation and its adjoining directive.

Both policies aim to harmonise data protection rules throughout the EU but have suffered numerous setbacks as euro-deputies struggle to reach compromises on the 4,000 or so amendments.

German and French ministers in a joint-letter said the legislative data reforms need to advance with an aim to finalise negotiations between the European parliament and member states before the end of the Lithuanian EU Presidency.

“The justice ministers of the two countries signed a joint declaration saying that we need a high level of data protection for European citizens, which strikes the right balance between freedom and security,” said Reding.

She urged other ministers to demonstrate a similar drive to turn the data reforms into a binding EU law.

News in Brief

  1. Talks on wholesale roaming rules to start
  2. Lead MEP Dieselgate committee: Italy and Slovakia will cooperate
  3. Transparency NGO sues EU commission on Turkey deal
  4. Pro-EU liberal wins UK by-election
  5. Finnish support for Nato drops, Russia-scepticism grows
  6. Cyprus talks to resume in January
  7. Documents from German NSA inquiry released
  8. Transport commissioner 'not aware' of legal action on emissions

Stakeholders' Highlights

  1. CESIElects Leaders and Sets Safety & Health at Work and Gender Equality Among the Guidelines For Next Term
  2. European Gaming & Betting AssociationContinues to Grow its Membership and Welcomes its Newest Member Association
  3. ACCASupports the Women of Europe Awards, Celebrating the Women who are Building Europe
  4. European Heart NetworkWhat About our Kids? Protect Children From Unhealthy Food and Drink Marketing
  5. ECR GroupRestoring Trust and Confidence in the European Parliament
  6. UNICEFChild Rights Agencies Call on EU to put Refugee and Migrant Children First
  7. MIRAIA New Vision on Clean Tech: Balancing Energy Efficiency, Climate Change and Costs
  8. World VisionChildren Cannot Wait! 7 Priority Actions to Protect all Refugee and Migrant Children
  9. ANCI LazioRegio-Mob Project Delivers Analysis of Trasport and Mobility in Rome
  10. SDG Watch EuropeCivil Society Disappointed by the Commission's Plans for Sustainable Development Goals
  11. PLATO15 Fully-Funded PhD Positions Open – The Post-Crisis Legitimacy of the EU (PLATO)
  12. Access NowTell the EU Council: Protect our Rights to Privacy and Security