EU and US NGOs respond to EU Data Safe Harbor report: Safe Harbor Program should be suspended until US protects online privacy
By: Jeff Chester | Nov 27 2013
Today, the European Commission issued a report evaluating its "Safe Harbor" agreement on data with the U.S. Here's a statement from BEUC, the European Consumer Organization, and also from CDD:
Director General of The European Consumer Organisation, Monique Goyens, commented:
“The European Commission’s report on the ‘Safe Harbour’ agreement confirms the longstanding concerns of consumer groups on both sides of the Atlantic. More than a decade after its establishment, the pact is riddled with problems.
“This agreement claims to reassure EU and US consumers when their personal data is exchanged for commercial purposes, but it has now been shown to retain only a fig-leaf of credibility. In practice, it is riven with false claims of membership, the process is not transparent and many signatories lack even a privacy policy. In the wake of all this, there has been an absence of effective enforcement by regulatory authorities over the years. Recent events have highlighted the obvious imprudence of poorly designed data exchange agreements. The question now will be: ‘is Safe Harbour beyond repair?’
“The safety of European consumers’ data needs to be paramount. Data flows must have a true harbour, not just a commercial port. US authorities may need to come to understand that Safe Harbour can no longer be used as a free pass for data exchange.
“The European Commission’s 13 Recommendations are a welcome address of many of the issues. Better enforcement is crucial and we’re glad to see that being examined. But the ability of companies to self-certify as offering ‘Safe Harbour’ is unjustifiable and remains inexplicably outside the review. It is hard to see the purpose of proceeding without tackling such basic flaws and perhaps the time has come to put the Safe Harbour agreement to one side and move on.
“This is the latest transatlantic regulatory tussle over personal data. Any attempt to revise how Europeans’ data flows to US companies must fall in line with the separate, overarching EU personal data law review. Otherwise this is merely a map for traders to deviate from fundamental EU privacy rights.”
And CDD's Jeff Chester explained that:
The EU report should have found that the entire Safe Harbor scheme is inadequate because it assumes that there is "adequacy" in how the U.S. protects privacy compared to Europe. Unlike the EU, the U.S. has no single data protection law, and lax oversight by the FTC has contributed to growing commercial surveillance conducted by our online industry. Until the US enacts privacy protection for consumers in line with the EU approach, there should be no Safe Harbor regime in place. Given the strong opposition of the data collection lobby (Google, Facebook, etc.), it is unlikely there will be any legislation soon, leaving both U.S. and EU citizens unprotected.
The EU is correct (on pages 16, 18 of the report) to raise concerns about how the NSA can use the Safe Harbor system to access data on its citizens. But the European Commission should acknowledge that the ability of the FTC to prevent NSA-like data gathering practices by Google, Facebook, and other major U.S. companies operating in the EU is practically non-existent.
Read Privacy International's Anna Fiedler on the EU safe harbor report.
And from the 2013 October Data Flows Resolution adopted by the U.S. and EU consumer organization TACD. Here is the relevant excerpt: "More than ten years after these ground rules were established, there are significant problems with the Safe Harbor Framework, mainly with false claims regarding membership and certification, transparency and accessibility of privacy policies, independence of dispute resolution mechanisms and absence of effective enforcement by regulatory authorities. Additional work is necessary to ensure that any Safe Harbor Framework is adequately harmonized with the provisions in the EU data protection legislation." It calls on the EU and US to "Independently assess the effectiveness of the US-EU Safe Harbour Privacy Framework and make necessary changes to ensure that it is adequately harmonized with the provisions in the EU data protection legislation."