Washington was abuzz Tuesday after a European Union Court of Justice invalidated a long-standing safe-harbor agreement for the transfer of EU member data to the U.S.
The decision was based on revelations about NSA mass surveillance leaked by Edward Snowden and what that said about the ability of U.S. companies to guarantee data privacy.
Washington policymakers, legislators and interest groups, were all weighing in in numbers that rivaled reaction to the FCC's net neutrality rule passage, including from the chairwoman of the Federal Trade Commission, which oversees safe harbor compliance, along with the Department of Commerce.
"We are reviewing the European Court of Justice's opinion and evaluating its implications," said FTC Chairwoman Edith Ramirez. "We share the commitment of our EU counterparts to protect consumers' personal information and privacy. The Federal Trade Commission has worked closely with the Department of Commerce and our European partners on enforcing and improving the Safe Harbor Framework, and FTC enforcement actions have helped safeguard the privacy of many European consumers. We will continue to work together with our European colleagues to develop effective solutions that protect consumer privacy with respect to cross-border data transfers."
The U.S. and EU are working on a Safe Harbor II agreement that presumably would address the court's concerns. The Obama Administration has also taken steps to eliminate--or at least rein in--NSA mass surveillance.
“The European Court of Justice’s decision announced this morning invalidates the current Safe Harbor framework; a decision which could be the digital equivalent of grounding all planes and stopping all shipping from Europe to the U.S. overnight," said Sen. Brian Schatz (D-Hawaii), ranking member of the Communications subcommittee. "It is urgent for [Commerce] Secretary Penny Pritzker and [FTC] Chairwoman [Edith] Ramirez to work with their European counterparts in the European Commission and the Member States to rapidly issue clear guidance on data transfers in light of the court’s decision.
Guidance is needed to ensure continuity for businesses and consumers on both sides of the Atlantic until a new agreement is in effect."
Rep. Jim Sensenbrenner (R-Wis.) said he was very disappointed. "The United States has taken great strides to build strong data protection and privacy controls, such as USA FREEDOM, which was the first curtailment of surveillance authority in the U.S. since the 1970s. It was a thoughtful rethinking of our national security laws that few other countries have undertaken. With the Judicial Redress Act, Congress has taken additional steps toward providing global citizens’ rights over their own data. These efforts will continue in the U.S., as they should abroad, but we must maintain an environment of cooperation and goodwill with our allies. I urge EU and US officials to address this issue and to work to maintain the healthy commercial relationship the EU and the US have worked so hard to build.”
“Businesses on both sides of the Atlantic are seriously concerned about the implications of today’s ruling," said the U.S. Chamber of Commerce. "More than 4,400 European and American companies of every size have relied on this agreement to be able to move data seamlessly across the transatlantic economy while providing a high standard of protection for consumers. It is particularly alarming that this longstanding agreement has been invalidated with no discussion of a transition period or guidance regarding how companies should comply with the law while a new agreement is negotiated or as they transition to new mechanisms."
“This could be a disaster for Internet users everywhere and for U.S. Internet companies," said Berin Szoka, pPresident of TechFreedom. “The decision allows European regulators to start building a Great Privacy Wall around Europe to stop data from flowing to the U.S. — not because Facebook or any U.S. company did anything wrong, but because U.S. national security and law enforcement agencies can too easily access private data. It’s a giant roadblock in the way of what has allowed the Internet to flourish: the free flow of information across national borders.”
“The flow of consumer marketing information is essential to the global economy and millions of jobs worldwide," said Christopher Oswald, VP of advocacy for the Digital Marketing Association. Today’s decision puts at risk an critical avenue for consumers to ensure the privacy and security of their information and the ability of marketers and businesses to effectively provide their customers with information that allows them to access products and services they need and desire."
Not everyone was waving a red flag.
“Today’s decision that the NSA’s mass surveillance violates Europeans’ human rights is not only a vindication of the NSA’s critics it is also the latest proof that the NSA’s mass surveillance programs, in addition to costing us our privacy, are also ultimately going to cost American businesses billions of dollars in lost global trust," said Kevin Bankston, director of the Open Technology Institute. "Congress’ passage of the USA FREEDOM Act in July, aimed at ending NSA’s bulk collection of Americans’ phone records, was an important victory in the fight for surveillance reform. But only comprehensive reform of the NSA’s massive Internet surveillance programs -- starting with the PRISM program accessing massive amounts of data‘downstream’ in the Internet cloud and the ‘upstream’ spying programs accessing data directly from the Internet’s backbone -- will restore international trust in US companies and protect both America’s digital economy and everyone’s human rights. America literally cannot afford for the NSA’s mass surveillance of the global Internet to continue.”
Consumer Watchdog welcomed the ruling and called for tough new U.S. privacy legislation that would do the job of protecting U.S. and European data it says the harbor was not.
"The Safe Harbor deal was a way for U.S. companies to assert they were honoring key privacy principles and that Europeans’ data would be protected even though U.S. privacy law is much weaker than European law," said John Simpson, Consumer Watchdog’s Privacy Project director. “It’s been clear for years that the Safe Harbor program wasn’t working. Companies self-certified they were complying and there was virtually no enforcement. Today’s court ruling simply recognized that Safe Harbor was a sham that failed to protect Europeans’ data. Now we can move forward to enact meaningful privacy protections that will benefit Americans and Europeans alike.”