Monday

23rd Oct 2017

EU questions decade-old US data agreement

  • Reding says US surveillance allegations is a "wake up call" for stronger data protection legislation. (Photo: eu2013.lt)

The European Commission is casting doubts on a 13-year old data sharing agreement with the United States.

EU justice commissioner Viviane Reding on Friday (19 July) told reporters in Lithuania’s capital Vilnius her services will be reviewing the so-called Safe Harbor Agreement.

Thank you for reading EUobserver!

Subscribe now for a 30 day free trial.

  1. €150 per year
  2. or €15 per month
  3. Cancel anytime

EUobserver is an independent, not-for-profit news organization that publishes daily news reports, analysis, and investigations from Brussels and the EU member states. We are an indispensable news source for anyone who wants to know what is going on in the EU.

We are mainly funded by advertising and subscription revenues. As advertising revenues are falling fast, we depend on subscription revenues to support our journalism.

For group, corporate or student subscriptions, please contact us. See also our full Terms of Use.

If you already have an account click here to login.

“We do have the impression that the Safe Harbor Agreement, might not be so safe, after all,” she said.

The agreement was hammered out in 2000 between the US department of commerce and the European Commission, based on a clause in the current 1995 EU Data Protection Directive.

The around 3,000 companies that have voluntarily signed up follow a binding set of data transfer rules between the US and EU based on seven principles - notice, choice, onward transfer, security, integrity, access, and enforcement.

The low data protection standards built into the agreement is possibly a loophole, noted Reding.

“I’m working on a solid assessment of the Safe Harbor Agreement and I will present this assessment before the end of the year,” she said.

The US Federal Trade Commission (FTC) enforces Safe Harbor.

Some European data protection authorities have also expressed their doubts the agreement.

German deputy privacy commissioner Marit Hansen of Schleswig-Holstein’s data protection authority says the rules are seldom enforced in substance.

“I assume that if I write to a company as a data protection authority ‘you are in Safe Harbor please give some information on these principles and how you implement them in your business’ they will answer. So far no one was able to answer my question because they are not prepared to do that,’ she told this website in April.

In 2010, the US consultancy company Galexia found a number of irregularities in the agreement.

They noted in a report that 200 companies claimed to have joined the agreement without ever having done so. They also found only 350 companies which complied with the minimum standards of the agreement and that only one court case had been issued in over a ten-year period.

The FTC has since been more proactive and has issued twenty year consent orders on Twitter, Google, Facebook and MySpace which require them to be regularly audited.

In November last year, the FTC required Google to pay out $22.5 million over claims the Internet giant planted cookies on Apple’s Safari Internet browser.

Reding’s announcement on Safe Harbor follows a morning session of informal discussions with EU ministers of interior, which also touched upon the EU data protection regulation and the post-Stockholm programme on future justice priorities.

The on-going media revelations about the US Prism surveillance programme has provided extra new incentives for legislators to finalise negotiations on the data protection regulation and its adjoining directive.

Both policies aim to harmonise data protection rules throughout the EU but have suffered numerous setbacks as euro-deputies struggle to reach compromises on the 4,000 or so amendments.

German and French ministers in a joint-letter said the legislative data reforms need to advance with an aim to finalise negotiations between the European parliament and member states before the end of the Lithuanian EU Presidency.

“The justice ministers of the two countries signed a joint declaration saying that we need a high level of data protection for European citizens, which strikes the right balance between freedom and security,” said Reding.

She urged other ministers to demonstrate a similar drive to turn the data reforms into a binding EU law.

EU data protection rules 'on schedule' despite delay

Despite not having begun formal deliberations in committee, the European Parliament is on course to define its position on the EU's new data protection regime by mid-2013, according to data privacy expert Sophie In't Veld.

EU gives thumbs up to US data pact

Commission gives 'thumbs-up' to controversial Privacy Shield deal with US on data sharing after a year's operation - but notes room for improvement.

Stakeholders' Highlights

  1. Mission of China to the EUPresident Xi Jinping Proposes Stronger Global Security Governance at Interpol Assembly
  2. European Friends of ArmeniaEU Engagement Could Contribute to Lasting Peace in Nagorno-Karabakh
  3. UNICEFViolence in Myanmar Driving 12,000 Rohingya Refugee Children Into Bangladesh Every Week
  4. European Jewish CongressBulgaria Applauded for Adopting the Working Definition of Antisemitism
  5. EU2017EENorth Korea Leaves Europe No Choice, Says Estonian Foreign Minister Sven Mikser
  6. Mission of China to the EUZhang Ming Appointed New Ambassador of the Mission of China to the EU
  7. International Partnership for Human RightsEU Should Seek Concrete Commitments From Azerbaijan at Human Rights Dialogue
  8. European Jewish CongressEJC Calls for New Austrian Government to Exclude Extremist Freedom Party
  9. CES - Silicones EuropeIn Healthcare, Silicones Are the Frontrunner. And That's a Good Thing!
  10. EU2017EEEuropean Space Week 2017 in Tallinn from November 3-9. Register Now!
  11. European Entrepreneurs CEA-PMEMobiliseSME Exchange Programme Open Doors for 400 Companies Across Europe
  12. CECEE-Privacy Regulation – Hands off M2M Communication!