
Hill Hones In on U.S.-E.U. Data Safe Harbor

The House Communications Subcommittee and Commerce, Manufacturing and Trade Subcommittee held a joint hearing Tuesday (Nov. 3) on the status of data safe harbor negotiations between the U.S. and European Union, where a representative of big computer companies--Microsoft, Apple, Oracle--said there needed to be swift action in the short term and a long-term plan, while another witness said trillions of dollars in global GDP were at stake.

Negotiations over a new safe harbor have been in the works for a while, but took on new urgency after an EU court invalidated the current voluntary safe harbor for exchange of data from EU to non-EU countries because it concluded the U.S. could not adequately protect its privacy.

Some 4,400 U.S. businesses have self-certified under the harbor.

Victoria Espinel, president of BSA/The Software Alliance, said that what was needed out of the negotiations was "rapid consensus on a new agreement to replace the Safe Harbor, sufficient time to come into compliance with the new rules, and a framework in which the European Union and United States can develop and agree on a sustainable, long-term solution that reflects and advances the interests of all stakeholders."

John Murphy, SVP for international policy, put an even finer point on it. He said that digital trade contributes upwards of $8 trillion annually to the global economy from data flows that are now "endangered" due to the decision.

There have been reports that companies are starting to move data from the U.S. to Europe for safekeeping.

But while there was plenty of sentiment for quickly repairing the harbor, Marc Rotenberg, President of the Electronic Privacy Information Center (EPIC), suggested it has always been a leaky vessel and was never adequate protection for data flows between the U.S. and Europe.

EPIC has advocated for making the Obama Administration's Consumer Privacy Bill of Rights part of the baseline harbor protections.

He also said Congress needs to modernize privacy laws to secure data flows, rather than the EU and U.S. simply coming up with a "Safe Harbor 2.0" that "merely repackages the previous framework that the European Court of Justice struck down, and it would not adequately safeguard personal data US companies routinely fail to protect."

Rotenberg said enforcement by the Federal Trade Commission of whatever protections are instituted is key. But he also said that the EU has a mechanism for individual EU countries to challenge a new safe harbor if it does not square with their own privacy and data protections.

The Republicans on the panel pointed out that there is currently an agreement in principle on the new harbor "2.0," and urged swift approval, pointing to the impact on businesses large and small of the uncertainty following the court decision.

Democrats agreed data needed protecting, but were more inclined to suggest Congress needed to weigh in with new privacy protections, including codifying the Administration's privacy bill of rights, and said U.S. government surveillance was an issue that also needed work. Rep. Frank Pallone (D-N.J.), ranking member of the Energy & Commerce Committee, urged Congress to legislate baseline privacy protections, and Rep. Jan Schakowsky said she was planning to introduce a bill soon that would do just that, including for e-mail and social media account information.