An urgent requirement for an alternative to the Safe Harbor Framework

There will be enormous consequences for both American and European companies, if a legal alternative to the Safe Harbor Framework is not arrived at in a timely manner.

European Union flags fly in front of the European Commission headquarters in Brussels October 12, 2012. REUTERS/Yves Herman

Two of America’s and Europe’s largest trade groups have warned that if Brussel and Washing fail to wrap up their data transfer pact related talks by the end of this month, there will be “enormous” consequences for thousands of businesses and millions of users.

Last year with a European court striking down a framework which allowed firms on both sides of the pond to transfer data back and forth on concerns of snooping by the United States, negotiations had begun for formulating a new framework which will allow such transfer of data across the Atlantic.
Under the EU’s data protection law, companies are not allowed to transfer any citizen’s private data to countries outside which are deemed to have insufficient safeguards vis-à-vis privacy matters, of which the U.S. is one.

With the European Union’s highest court taking this view, the 15 year old Safe Harbor framework, on which more than 4000 firms banked upon to transfer the EU’s data back and forth to the U.S., came crumbling down because U.S. national security interest came before its citizen’s privacy safeguards, which left firms on both sides of the Atlantic in a legal limbo.

Jean-Claude Juncker, the EU’s president had written a letter to his U.S. counterpart warning of dire consequences if the data transfers were not substantiated by a pact.

“This issue must be resolved immediately or the consequences could be enormous for the thousands of businesses and millions of users impacted,” read the letter.

Industry groups, including BusinessEurope, the U.S. Chamber of Commerce, DigitalEurope and the Information Technology Industry Council had requested a transition period so as to comply with any revised data transfer pact, stating that small and medium sized business would need sufficient time for compliance purposes.

The deadline set by the European Union data protection authorities gave Washington and Brusels upto the end of January to hammer out a new pact which would bind corporates and multinationals into legal channels. This has however yet to fruition.

Although there is still time for a political agreement, ironing out the legal details however could take up more time, as a source who is familiar with the talks.

Business group and lawyers have voiced concerns that unless a new pact is ready, data transfer mechanism which are found not in compliance of the EU ruling could have financial implications.
“We therefore urge your leadership to ensure a durable legal framework for transatlantic data flows in the future,” reads their letter.

Privacy regulators from EU are set to meet on February 2, to decide if they should initiate enforcement action on companies found who fall foul of the EU law. Without a new framework in place, the myriad complications could be literally endless.
The European court’s ruling had come in the wake of reports of massive U.S. surveillance program, which still continue to operate, by U.S. tech companies such as Google, Apple and Facebook.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s