Future of the “safe harbor” arrangement for personal data transfers to the U.S.

On Wednesday, 15th January 2014, the European Parliament will have a debate the the ‘Future of the Safe Harbour Agreement in the light of the NSA affair’. The agreement in question is an arrangement between Europe and the U.S. which dates back to the year 2000.

In 1995, the then European Community adopted a Directive “on the protection of individuals with regard to the processing of personal data and on the free movement of such data”. The Directive prohibits the transfer of personal data to non-European Union countries that do not meet the European Union (EU) “adequacy” standard for privacy protection. As the U.S. takes a different approach to privacy from that taken by the EU, there would be a genuine risk that U.S. organisations, while respecting U.S. rules and regulations, might not comply with the EU “adequacy” standard.

In order to bridge these differences in approach and provide a streamlined means for U.S. organizations to comply with the Directive, the U.S. Department of Commerce in consultation with the European Commission developed a “Safe Harbor” framework. The arrangement was codified into European law by a Commission Decision of 26 July 2000.

Under the “safe harbor” arrangement, U.S. organisations respecting the U.S. standards for privacy protection are deemed to meet the EU “adequacy” standard and consequently nothing stands in the way of personal data transfers between the EU and the U.S. However, the revelations on the activities of the NSA have triggered a debate on whether the EU ädequacy” standard can be met by U.S. organisations as, under the Patriot Act, these organisations are required to collaborate with the NSA and they are not allowed to reveal to anyone if and to what extent they are forced to collaborate with the NSA. Besides, the U.S. privacy protetction standards are much lower for non-citizens then they are for U.S. citizens.

The value of monetization of company data in 2012 was estimated at € 50 billion, while  the monetization of personal data of consumers had reached the level of € 250 billion. The total amount of € 300 billion is expected to triple by the year 2020. See also the study by the Boston Consulting Group commissioned by Liberty Global.

This entry was posted in Privacy. Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

Post a Comment

Your email is never published nor shared. Required fields are marked *

You may use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>