Privacy Groups Urge U.S., EU Officials to Address ‘Safe Harbor’ Problems

More than 30 consumer and privacy groups from the United States and the European Union have written to officials in the U.S. Department of Commerce and the European Commission urging them to ensure that the revised Safe Harbor framework for data protection under consideration by the U.S. and the EU addresses the problems that led to a court ruling invalidating the previous Safe Harbor agreement.

In a letter sent today to Commerce Secretary Penny Pritzker and Vera Jourova, European Commissioner-justice, consumers, and gender equality, the groups said a “Safe Harbor 2.0 per se will not provide a viable framework for future transfers of personal information.”

The Center for Digital Democracy, Consumer Action, Consumer Federation of America, Consumer Watchdog, the Cyber Privacy Project, the Electronic Privacy Information Center, and the Government Accountability Project were among the U.S. groups that signed the letter to officials from the U.S. and EU as they meet to work on a successor agreement following the Court of Justice of the European Union (CJEU) rejection of the previous Safe Harbor agreement in “Maximillian Schrems v. Data Protection Commissioner” (Case C-362/14).

“Consumer groups on both sides of the Atlantic are eager to see the governments of the European Union and the United States update privacy laws” after the court decision, the letter says.  “We believe this is absolutely critical to ensure the continuation of transborder data flows,” it says.

“In broad terms, we favor (1) the end of mass surveillance by intelligence agencies, (2) the establishment and modernization of legal frameworks that protect fundamental rights, (3) increased transparency and accountability for organizations that collect and use personal data, and (4) effective means of oversight and enforcement by independent data protection authorities,” the groups said.

The groups offered a series of proposals that they said should be addressed in the agreement.  They said the EU should enact an “effective General Data Protection Regulation” by year-end and should enact a revised Directive on Data Protection in the context of law enforcement that “provides greater accountability and transparency for police agencies and greater rights for individuals.”  In addition, the EU should “end the mass surveillance of people by member states” and ensure “effective enforcement of its data protection laws towards companies established in the US that are targeting users in Europe.”

The U.S. should enact a “comprehensive legal framework for data protection based on the Consumer Privacy Bill of Rights with appropriate regulatory and enforcement powers,” end mass surveillance of non-U.S. persons under section 702 of the PATRIOT Act, and establish an independent data protection agency, they said.

The groups also called for the U.S. to update the Privacy Act of 1974 to provide “meaningful judicial redress to all persons whose data is stored by a U.S. federal agency”; ratify Council of Europe Convention 108, the Privacy Convention; and “stand up for strong encryption and reject any law or policy that would undermine the security of consumers and Internet users.”

Finally, the groups called for the EU and U.S. to commit to an “annual summit with the full participation of civil society organizations to assess progress toward these goals.”

“A revised Safe Harbor framework similar to the earlier Safe Harbor framework will almost certainly be found invalid by the national data protection agencies and ultimately by the CJEU,” the letter says.  “In a recent Communication the Commission also acknowledges that it must ensure that ‘a new arrangement for transatlantic transfers of personal data fully complies with the standard set by the Court.’

“It is impossible to ignore that the ‘Schrems’ decision requires necessary changes in the ‘domestic law’ and ‘international commitments,'” it adds.  “Any proposal from the Department of Commerce and European Commission that attempts to substitute a trade pact for fundamental rights set out in Articles 7, 8, and 47 of the Charter will be subject to ‘strict’ review by the CJEU.” – Brian Hammond, brian.hammond@wolterskluwer.com

Courtesy TRDaily