What’s the buzz about safe harbor?
Following a complaint lodged by Austrian law student Max Schrems the European Court of Justice threw out a fifteen year old agreement which regulated the transfer of European data to the United States. EU data is per-se not allowed to be transferred out of the EU due to privacy concerns, but because of the high standards of U.S. privacy laws, the European Commission had agreed to the safe harbor agreement in 2000, where U.S. companies could be certified to transfer European data to stateside servers.
Following revelations by Edward Snowden that the U.S. collected data from major U.S. internet companies through its PRISM programme, the ECJ found there were not sufficient safeguards to ensure that European data could safely be stored on U.S. servers. The Court gave the European Commission until February 1 2016 to come up with a new agreement which includes safeguards to counter threats to European data privacy.
Liberal Digital Single Market Commissioner Andrus Ansip is leading negotiations with the U.S. on behalf of the Commission. Ansip set the stakes high saying we need a “bullet-proof” agreement. Just four days before the deadline lapses and 24 hours before Data Protection Day, the Friedrich Naumann Foundation for Freedom’s Brussels office gathered a panel of experts to guide us through the tumultuous waters of safe harbor and the ongoing negotiations to find a new and stronger agreement.
Overshadowed by crises and primaries
Although the lack of a new agreement would affect thousands of small companies and millions of European consumers, the debate over safe harbor has seemingly dried out in the EU. Gisela Piltz, longtime data protection advocate and a Member of the Friedrich Naumann Foundation for Freedom’s Board of Trustees stressed that the refugee crisis has monopolized the attention of German mainstream media.
This in turn meant that the safe harbor debate has been near-absent in privacy-conscious Germany. Piltz noted however that the topic is not lost on German liberals who are at this very moment fighting to overturn the data retention policy of the German government. Berin Szoka, head of the U.S.-think-tank Tech Freedom could tell the audience that just as Europe is too consumed by the refugee crisis to focus on safe harbor, the United States media is equally preoccupied with an ongoing U.S. primary elections season and the candidacy of Donald Trump.
What if we don’t reach a safe harbor by February 1?
The first of two major bones of contention in the current negotiations for a better agreement is to identify safeguards which would adequately protect EU data privacy on U.S. servers. As Szoka underlined, there is no legal definition of what would be classified as adequate safeguards and as such any solution will undoubtedly again have to be tried in front of the ECJ. This explains Commissioner Ansip’s anxiousness arrive at a “bullet-proof” agreement, and both for Szoka and Christian Borggreen from the internet industry organization CCIA, the worst possible outcome would be a negotiated new agreement which would then be thrown out by the ECJ.
This would compel both parties to return to the drawing board, doubling concerns over the future of transatlantic EU data transfer. The second major topic is to ensure that EU citizens have adequate redress opportunities if they suspect that their U.S.-stored data could be infringed. Szoka pointed out that as a part of the greater Umbrella Negotiations between the EU and the US, EU citizens will in future be awarded equal status to U.S. citizens under the U.S. Privacy Act of 1974. According to Szoka, this would help negotiations along, but is unlikely to be the item which tips the balance in favor of a safer harbor. Borggreen pointed out that it is not only in the interest of citizens to award EU citizens this opportunity for legal redress, but for businesses to reassure its EU-based customers that their data is well taken care of.
With the February 1 deadline looming large over negotiators our panel was also asked when they think we will see an agreement come together. All panelists stressed that negotiations are now currently in a tough phase were important compromises must be sought. Szoka also pointed out the detrimental effects should a new agreement not be found soon. EU GDP could suffer by as much as a 1, 1% decline if agreement remains elusive. Piltz underscored the detrimental effect it will have on primarily small and medium-sized enterprises (SMEs) who do not have the legal resources of navigating the transatlantic data transfer waters. Without a new agreement, transatlantic data transfer, and trade with it, could falter.
The results for the EU would be less competition in the internet services field, with EU-substitutes for U.S. platforms such as Slacker, Twitter and Facebook popping up. While this might mean short-term job creation in the EU it would also fragment the international data industry, raise prices and weaken competition. As Szoka pointed out, the great irony of this would be that although safe harbor was dismissed for lack of safeguards against espionage, data stored on EU-based clouds would be easier for U.S. intelligence agencies to access than those based in the U.S. because their hands would not be tied by rules governing their ability to gather intelligence domestically. The panel therefore hoped that negotiations would be concluded soon, although both Szoka and Borggreen warned against coming to a hasty conclusion which might not hold up against renewed ECJ scrutiny.
“Never waste a good crisis”
All panelists welcomed the promise that a new agreement would improve the conditions for data privacy. Piltz stressed the sanctity of the principle that an EU citizen’s data should be protected according to EU standards no matter where it is stored. They were however also concerned with the negative impact the lack of an agreement would have on SMEs and European consumers.
Szoka predicted that without an agreement the uncertainty would force U.S. SMEs think twice about setting up shop in Europe. While the ECJ’s decision to invalidate the safe harbor agreement was motivated by privacy concerns, it is clear that without a new “bullet-proof” agreement the consequences for privacy as well as free trade would be detrimental. Rounding up the discussion, the head of the FNF office in Washington, Claus Gramckow, encouraged negotiators to use the negotiations as an opportunity to advance the transatlantic relationship. The phrase coined by Chicago Mayor Rahm Emanuel to “…never waste a good crisis” rounded up the discussion.