It does not look as though the Judicial Redress Act will get any Senate action until early next year.

The bill, which would give European citizens the right to access and correct data stored in the U.S. and legal redress if that information is illegally accessed, was scheduled for consideration in the Senate Judiciary Committee Dec. 10, but was "held over" for consideration at the next business meeting of the committee.

Computer companies and others are pushing the Senate to act on the bill as soon as possible given its importance to a new data flow security agreement with Europe (http://www.broadcastingcable.com/news/washington/senate-pushed-pass-data...).

And when will that be? Likely not before the holiday recess, according to a spokesperson for the committee. A computer company source said they were not expecting the committee to consider the bill before January.

"It is customary for bills on the agenda for the first time to be held over until the next meeting before holding a vote," said the spokesperson. "A date has not yet been set for the next business meeting, but it will likely be early next year."

The bill passed the House back in October.

The House Communications Subcommittee and Commerce, Manufacturing and Trade Subcommittee held a joint hearing Tuesday (Nov. 3) on the status of data safe harbor negotiations between the U.S. and European Union, where a representative of big computer companies--Microsoft, Apple, Oracle--said there needed to be swift action in the short term and a long-term plan, while another witness said trillions of dollars in global GDP were at stake.

Negotiations over a new safe harbor have been in the works for a while, but took on new urgency after an EU Court invalidated the current voluntary safe harbor for exchange of date from EU to non-EU countries because it concluded the U.S. could not adequately protect its privacy.

Some 4,400 U.S. businesses have self-certified under the harbor.

Victoria Espinel, president of BSA/The Software Alliance, said that what was needed out of the negotiations was "rapid consensus on a new agreement to replace the Safe Harbor, sufficient time to come into compliance with the new rules, and a framework in which the European Union and United States can develop and agree on a sustainable, long-term solution that reflects and advances the interests of all stakeholders."

John Murphy, SVP for international policy, put an even finer point on it. He said that digital trade contributes upwards of $8 trillion annually to the global economy from data flows that are now "endangered" due to the decision.

There have been reports that companies are starting to move data from the U.S. to Europe for safekeeping.

But while there was plenty of sentiment for quickly repairing the harbor, Marc Rotenberg, President of the Electronic Privacy Information Center (EPIC), suggested it has always been a leaky vessel and was never adequate prortection for data flows between the U.S. and Europe.

EPIC has advocated for making the Obama Administration's Consumer Privacy Bill of Rights part of the baseline harbor protections.

He also said Congress needs to modernize privacy laws to secure data flows, rather than the EU and U.S. simply coming up with a "“Safe Harbor 2.0” merely repackages the previous framework that the European Court of Justice struck down, and it would not adequately safeguard personal data US companies routinely fail to protect."

Rotenberg said enforcement by the Federal Trade Commission of whatever protections are instituted is key. But he also said that the EU has a mechanism for individual EU countries to challenge a new safe harbor if it does not square with their own privacy and data protections.

The Republicans on the panel pointed out that there is currently an agreement in principle on the new harbor "2.0," and urged swift approval, pointing to the impact on businesses large and small of the uncertainty following the court decision.

Democrats agreed data needed protecting, but were more inclined to suggest Congress needed to weigh in with new privacy protections, including codifying the Administrations privacy bill of rights, and U.S. government surveillance was an issue that also needed work. Rep. Frank Pallone (D-N.J.), ranking member of the Energy & Commerce Committee, urged Congress to legislate baseline privacy protections, and Rep. Jan Schakowsky said she was planning to introduce a bill soon that would do just that, including for e-mail and social media account information.

Washington was abuzz Tuesday after a European Union Court of Justice invalidated a long-standing safe-harbor agreement for the transfer of EU member data to the U.S.

The decision was based on revelations about NSA mass surveillance leaked by Edward Snowden and what that said about the ability of U.S. companies to guarantee data privacy.

Washington policymakers, legislators and interest groups, were all weighing in in numbers that rivaled reaction to the FCC's net neutrality rule passage, including from the chairwoman of the Federal Trade Commission, which oversees safe harbor compliance, along with the Department of Commerce.

"We are reviewing the European Court of Justice's opinion and evaluating its implications," said FTC Chairwoman Edith Ramirez. "We share the commitment of our EU counterparts to protect consumers' personal information and privacy. The Federal Trade Commission has worked closely with the Department of Commerce and our European partners on enforcing and improving the Safe Harbor Framework, and FTC enforcement actions have helped safeguard the privacy of many European consumers. We will continue to work together with our European colleagues to develop effective solutions that protect consumer privacy with respect to cross-border data transfers."

The U.S. and EU are working on a Safe Harbor II agreement that presumably would address the court's concerns. The Obama Administration has also taken steps to eliminate--or at least rein in--NSA mass surveillance.

“The European Court of Justice’s decision announced this morning invalidates the current Safe Harbor framework; a decision which could be the digital equivalent of grounding all planes and stopping all shipping from Europe to the U.S. overnight," said Sen. Brian Schatz (D-Hawaii), ranking member of the Communications subcommittee. "It is urgent for [Commerce] Secretary Penny Pritzker and [FTC] Chairwoman [Edith] Ramirez to work with their European counterparts in the European Commission and the Member States to rapidly issue clear guidance on data transfers in light of the court’s decision. 

Guidance is needed to ensure continuity for businesses and consumers on both sides of the Atlantic until a new agreement is in effect."

Rep. Jim Sensenbrenner (R-Wis.) said he was very disappointed. "The United States has taken great strides to build strong data protection and privacy controls, such as USA FREEDOM, which was the first curtailment of surveillance authority in the U.S. since the 1970s. It was a thoughtful rethinking of our national security laws that few other countries have undertaken. With the Judicial Redress Act, Congress has taken additional steps toward providing global citizens’ rights over their own data. These efforts will continue in the U.S., as they should abroad, but we must maintain an environment of cooperation and goodwill with our allies. I urge EU and US officials to address this issue and to work to maintain the healthy commercial relationship the EU and the US have worked so hard to build.”

“Businesses on both sides of the Atlantic are seriously concerned about the implications of today’s ruling," said the U.S. Chamber of Commerce. "More than 4,400 European and American companies of every size have relied on this agreement to be able to move data seamlessly across the transatlantic economy while providing a high standard of protection for consumers. It is particularly alarming that this longstanding agreement has been invalidated with no discussion of a transition period or guidance regarding how companies should comply with the law while a new agreement is negotiated or as they transition to new mechanisms."

“This could be a disaster for Internet users everywhere and for U.S. Internet companies," said Berin Szoka, pPresident of TechFreedom. “The decision allows European regulators to start building a Great Privacy Wall around Europe to stop data from flowing to the U.S. — not because Facebook or any U.S. company did anything wrong, but because U.S. national security and law enforcement agencies can too easily access private data. It’s a giant roadblock in the way of what has allowed the Internet to flourish: the free flow of information across national borders.”

“The flow of consumer marketing information is essential to the global economy and millions of jobs worldwide," said Christopher Oswald, VP of advocacy for the Digital Marketing Association. Today’s decision puts at risk an critical avenue for consumers to ensure the privacy and security of their information and the ability of marketers and businesses to effectively provide their customers with information that allows them to access products and services they need and desire."

Not everyone was waving a red flag.

“Today’s decision that the NSA’s mass surveillance violates Europeans’ human rights is not only a vindication of the NSA’s critics it is also the latest proof that the NSA’s mass surveillance programs, in addition to costing us our privacy, are also ultimately going to cost American businesses billions of dollars in lost global trust," said Kevin Bankston, director of the Open Technology Institute. "Congress’ passage of the USA FREEDOM Act in July, aimed at ending NSA’s bulk collection of Americans’ phone records, was an important victory in the fight for surveillance reform. But only comprehensive reform of the NSA’s massive Internet surveillance programs -- starting with the PRISM program accessing massive amounts of data‘downstream’ in the Internet cloud and the ‘upstream’ spying programs accessing data directly from the Internet’s backbone -- will restore international trust in US companies and protect both America’s digital economy and everyone’s human rights. America literally cannot afford for the NSA’s mass surveillance of the global Internet to continue.”

Consumer Watchdog welcomed the ruling and called for tough new U.S. privacy legislation that would do the job of protecting U.S. and European data it says the harbor was not.

"The Safe Harbor deal was a way for U.S. companies to assert they were honoring key privacy principles and that Europeans’ data would be protected even though U.S. privacy law is much weaker than European law," said John Simpson, Consumer Watchdog’s Privacy Project director. “It’s been clear for years that the Safe Harbor program wasn’t working.  Companies self-certified they were complying and there was virtually no enforcement. Today’s court ruling simply recognized that Safe Harbor was a sham that failed to protect Europeans’ data.  Now we can move forward to enact meaningful privacy protections that will benefit Americans and Europeans alike.”

A bipartisan group of House Energy & Commerce Committee members has requested a briefing from the Commerce Department on a European Union court of Justice ruling that the E.U./U.S. data privacy safe harbor is invalid.

Commerce is working on a successor agreement that would presumably address the court's issues, though it is unclear what assurances the new deal could give on NSA surveillance of data, one of the reasons the court ruled that the safe harbor was not necessarily safe.

In a statement, bipartisan leaders of the committee said they were concerned by the impact of the decision.

“The ripple of uncertainty caused by today’s decision is cause for concern as digital data flows have become a bedrock of commerce," they said. "We must be mindful of any decision that threatens U.S. jobs and the strong commercial ties between our country and the European Union,” they said.

The "they" was basically all the committee leaders on both sides of the aisle: Chairman Fred Upton (R-Mich.); Ranking Member Frank Pallone (D-N.J.), Communications Subcommittee Chairman Greg Walden (R-Ore.), ranking member Anna Eshoo (D-Calif.), Commerce, Manufacturing, and Trade Subcommittee Chairman Michael Burgess (R-Tex.) and ranking member Jan Schakowsky (D-Ill.).

“In this ever-evolving area there have been good conversations across the Atlantic to address privacy," they continued. "Our hope is that European regulators move quickly, working with the Department of Commerce and others here in the U.S., to provide a quick resolution to this unnecessary uncertainty.”

The Center for Digital Democracy has filed suit in U.S. District Court for the District of Columbia against the Federal Trade Commmission alleging that it has wrongfully withheld records about online safe harbor programs that CDD sought under the Freedom of Information Act.

CDD is looking for annual reports to the FTC from various safe harbor programs under the Children's Online Privacy Protection Act.

The FTC's COPPA Rule (enforcing the COPPA law) requires operators of Web sites and online services directed to children under 13 to "provide notice and obtain permission from a child’s parents before collecting personal information from that child." The safe harbor allows industry  to develop its own COPPA oversight programs, known as 'safe harbor, programs that the FTC vets. If the FTC approves, participating in the program is presumed to be compliance with COPPA restrictions on that personal information collection.

CDD has long questioned the effectiveness of the voluntary industry safe harbor programs. "The commission cannot look the other way on this issue, even if some of the Safe Harbor companies prefer to operate in a non-transparent manner," CDD said earlier this month. 

CDD made the request July 2, which FTC signaled on July 8 it had received and was processing, according to CDD. On July 25, CDD said the FTC responded that it would not be ale to meet the statutory 20-business day" deadline for responding to the request and that it was extending the deadline due to "unusual circumstances."

Whatever those were, CDD now says it has yet to hear back from the FTC. CDD says that is a violation of the statutory time limit for processing FOIA requests and wants the court to force the FTC to produce the requested records, disclose them with all fees waived, pay CDD's attorneys fees, and any other remedy the court thinks appropriate.

FTC spokesperson Cheryl Warner had no comment on the complaint.