Saturday

21st May 2022

EU questions decade-old US data agreement

  • Reding says US surveillance allegations is a "wake up call" for stronger data protection legislation. (Photo: eu2013.lt)

The European Commission is casting doubts on a 13-year old data sharing agreement with the United States.

EU justice commissioner Viviane Reding on Friday (19 July) told reporters in Lithuania’s capital Vilnius her services will be reviewing the so-called Safe Harbor Agreement.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

“We do have the impression that the Safe Harbor Agreement, might not be so safe, after all,” she said.

The agreement was hammered out in 2000 between the US department of commerce and the European Commission, based on a clause in the current 1995 EU Data Protection Directive.

The around 3,000 companies that have voluntarily signed up follow a binding set of data transfer rules between the US and EU based on seven principles - notice, choice, onward transfer, security, integrity, access, and enforcement.

The low data protection standards built into the agreement is possibly a loophole, noted Reding.

“I’m working on a solid assessment of the Safe Harbor Agreement and I will present this assessment before the end of the year,” she said.

The US Federal Trade Commission (FTC) enforces Safe Harbor.

Some European data protection authorities have also expressed their doubts the agreement.

German deputy privacy commissioner Marit Hansen of Schleswig-Holstein’s data protection authority says the rules are seldom enforced in substance.

“I assume that if I write to a company as a data protection authority ‘you are in Safe Harbor please give some information on these principles and how you implement them in your business’ they will answer. So far no one was able to answer my question because they are not prepared to do that,’ she told this website in April.

In 2010, the US consultancy company Galexia found a number of irregularities in the agreement.

They noted in a report that 200 companies claimed to have joined the agreement without ever having done so. They also found only 350 companies which complied with the minimum standards of the agreement and that only one court case had been issued in over a ten-year period.

The FTC has since been more proactive and has issued twenty year consent orders on Twitter, Google, Facebook and MySpace which require them to be regularly audited.

In November last year, the FTC required Google to pay out $22.5 million over claims the Internet giant planted cookies on Apple’s Safari Internet browser.

Reding’s announcement on Safe Harbor follows a morning session of informal discussions with EU ministers of interior, which also touched upon the EU data protection regulation and the post-Stockholm programme on future justice priorities.

The on-going media revelations about the US Prism surveillance programme has provided extra new incentives for legislators to finalise negotiations on the data protection regulation and its adjoining directive.

Both policies aim to harmonise data protection rules throughout the EU but have suffered numerous setbacks as euro-deputies struggle to reach compromises on the 4,000 or so amendments.

German and French ministers in a joint-letter said the legislative data reforms need to advance with an aim to finalise negotiations between the European parliament and member states before the end of the Lithuanian EU Presidency.

“The justice ministers of the two countries signed a joint declaration saying that we need a high level of data protection for European citizens, which strikes the right balance between freedom and security,” said Reding.

She urged other ministers to demonstrate a similar drive to turn the data reforms into a binding EU law.

EU data protection rules 'on schedule' despite delay

Despite not having begun formal deliberations in committee, the European Parliament is on course to define its position on the EU's new data protection regime by mid-2013, according to data privacy expert Sophie In't Veld.

Hungary turned into 'hybrid regime', MEPs say

The new draft European Parliament report is an update to the 2018 report which triggered the Article 7 procedure against Hungary, a sanctions probe aiming to rein in member states that break EU rules and values.

News in Brief

  1. UK to send 'hundreds' of migrants to Rwanda each year
  2. Norwegian knife attacks were domestic dispute
  3. Sweden hits back at Turkey's 'disinformation' in Nato bid
  4. Germany's Schröder gives up one of two Russia jobs
  5. G7 countries pledge €18bn in financial aid for Ukraine
  6. Italian unions strike in protest over military aid for Ukraine
  7. Russia cuts gas supply to Finland
  8. Half of Gazprom's clients have opened rouble accounts

Stakeholders' Highlights

  1. Nordic Council of MinistersNordic delegation visits Nordic Bridges in Canada
  2. Nordic Council of MinistersClear to proceed - green shipping corridors in the Nordic Region
  3. Nordic Council of MinistersNordic ministers agree on international climate commitments
  4. UNESDA - SOFT DRINKS EUROPEEfficient waste collection schemes, closed-loop recycling and access to recycled content are crucial to transition to a circular economy in Europe
  5. UiPathNo digital future for the EU without Intelligent Automation? Online briefing Link

Latest News

  1. What Europe still needs to do to save its bees
  2. Remembering Falcone: How Italy almost became a narco-state
  3. Economic worries and Hungary on the spot Next WEEK
  4. MEPs urge sanctioning the likes of ex-chancellor Schröder
  5. MEPs call for a more forceful EU response to Kremlin gas cut
  6. Catalan leader slams Pegasus use: 'Perhaps I'm still spied on'
  7. More EU teams needed to prosecute Ukraine war crimes
  8. French EU presidency struggling on asylum reforms

Join EUobserver

Support quality EU news

Join us