U.S., EU Safe Harbor Pact: Safe, For Now
If the people concerned are to be believed, the U.S. and EU will soon see their long-standing Safe Harbor Agreement renewed, featuring significant changes relating to more privacy protections for EU citizens.
The Safe Harbor Pact between the two economic powers was installed fifteen years ago, to avoid any disruption in the businesses between companies in the two jurisdictions which involve the processing of personal data (particularly those of EU citizens).
Those familiar with the 1995 EU Data Protection Directive know of its provision prohibiting the export or outsourcing of personal data processing to non-EU members, unless those countries have adopted a similar or higher level of data protection than that of the EU’s. For most other countries with a similar relationship with the EU, the ideal reaction was to come up with their own data protection laws, essentially identical to the EU model. Not the U.S. The administration then refused to enact a comprehensive data protection law, even if only to comply with the EU regulation. Thus, the Safe Harbor Agreement was born. Under this pact, individual U.S. companies would voluntarily commit to comply with the legal requirements of the EU Data Protection Directive—thereby, doing away with the need to pass a similar U.S. law.
Edward Snowden changed all this. Or rather, U.S. surveillance activities, as revealed by Snowden, changed the entire landscape.
Snowden’s disclosures revealed the extent by which the U.S. government carried out its surveillance activities, presumably to address terror threats and improve law enforcement. The State would either directly request personal data from U.S. companies or, should that fail (and sometimes, simply because they could), find more diabolical means (i.e., hack in to the company servers) to achieve such end. In either case, the fact that U.S. companies are involved and these are located on U.S. soil, made such privacy-invasive—not to mention questionable—practices easier to accomplish.
Naturally, foreign states, including those constituting the EU, were alarmed. Especially since, under U.S. law, their citizens essentially enjoyed little to no rights against the brute powers of the U.S. government.
In time, proposals to scuttle (or at least amend) the Safe Harbor Agreement became more prominent. After all, what was the point of having U.S. companies make promises they couldn’t keep because they are obliged by law anyway to comply with U.S. government data requests—which, in turn, fundamentally compel a breach of their promises under the Agreement.
Apparently, given this recent piece of news, the Agreement stands a good chance of surviving this enormous privacy-centric debacle. Whether the states involved think the stakes are too high for them to even entertain the idea of permanently doing away with such a pact, or big business simply prevailed once again over their wards in government, the Agreement may be here to stay. The only question left to be answered: how will an “improved” Safe Harbor Agreement actually ensure that EU data protection principles are upheld by the U.S. this time around?
Time will tell. Or maybe the next Snowden will.