U.S.-EU Safe Harbor Under Fire


As part of an on-going debate on the European data protection reform, doubts were cast over the adequacy of the Safe Harbor arrangements with the United States. Viviane Reding, the European Commissioner for Justice, Fundamental Rights and Citizenship, called the 13-year-old data-sharing agreement between the EU and the United States a potential "loophole for data transfers," which does not provide adequate protection. "The Safe Harbour agreement may not be so safe after all," she said when announcing a review of the cross-Atlantic agreement.

The existing General Data Protection Directive prohibits cross-border transfers of personal data to countries not recognised as providing adequate protection for the processing of personal data, unless certain mechanism are in place. The U.S.-EU Safe Harbor Framework attempts to transpose European data protection law into that of the United States, such data transferred to companies certifying adherence to the framework as deemed to provide adequate protection for the processing of personal data. Currently, around 3,000 companies have voluntarily joined the programme by subscribing to a binding set of data transfer rules.

EU officials have raised two criticisms. First, whether Safe Harbor actually provides adequate protection. Second, whether companies certified to Safe Harbor actually observe the principles. Past studies have shown organisations falsely claiming to have certified to Safe Harbor, as well as only a fraction of...

To continue reading