Posted in EU–U.S. Safe Harbor

Opinion

European Court Gives a Boost to EU Data Protection Reform

On April 8, the Court of Justice of the European Union invalidated the EU Data Retention Directive 2006/24. Beyond its significance for data retention, this judgment has important implications for EU data protection law in general and the proposed General Data Protection Regulation (GDPR) in particular.

More from Christopher Kuner

Opinion

Getting Practical and Thinking Ahead: “Interoperability” Is Gaining Momentum

In a world of disparate privacy regimes, pragmatic privacy professionals, experts and regulators have in recent years championed “interoperability” as the way forward for providing consistent privacy protections for global data flows. Of course, many in the privacy and data protection community continue to pursue the ideal of a global privacy standard and have made various recommendations to that effect over the years. Witness the recent “Resolution on anchoring data protection and the protection of privacy in international law” adopted by the International Conference of Data Protection and Privacy Commissioners in Warsaw, Poland, last September.

More from Markus Heyder

EU Data Protection

An Honest Recap on Safe Harbor

By Eduardo Ustaran, CIPP/E

The recent vote at the European Parliament—by an overwhelming majority of 544 to 78 members, with 60 abstentions—calling for the immediate suspension of Safe Harbor has sent some powerful shockwaves across the business and legal communities in the EU and beyond. This should not have come as a surprise, given that the European Parliament has been very vocal in this respect for a while, but it is still a chilling reminder of the uncertainty surrounding the scheme—possibly the most widely relied upon mechanism to legitimise data flows between the EU and the U.S.

The big question that remains on the ground is whether EU-based organisations that rely on Safe Harbor as the legal basis for transferring data to either their own corporate group entities or service providers operating in the U.S. are doing the right thing or should be looking for alternatives.

More from Eduardo Ustaran

Opinion

How Will Obama’s NSA Plans Impact European Data Protection Requirements?

By Eduardo Ustaran, CIPP/E

The recently revealed plans by President Barack Obama to reform the way in which the U.S. intelligence services gather and use data throughout the world have had a lukewarm reception by European politicians. The rhetoric by members of the European Parliament in particular suggests that Obama’s proposed reforms stopped short of what would have been comforting enough for them. Such reforms are a work in progress that will extend over months and years, but Obama’s stance is bound to have a very direct effect on existing and forthcoming EU data protection requirements.

More from Eduardo Ustaran

Opinion

Shutting Europe Down Is Not the Way To Defend Privacy

By Eduardo Ustaran, CIPP/E

When I was at university, I remember a lecturer who used to say the first rule that any law degree student should follow was “to not panic.” That is a rule that we should all apply when reading the draft report of the LIBE Committee of the European Parliament on the NSA surveillance programme. The prospect of a closed-down Europe that is advocated by the report is certainly daunting. Shutting down pretty much all transatlantic data flows in order to prevent unreasonable access to data by the U.S. intelligence services would not only be disproportionate, but it would be hugely damaging to the information society we all rely on.

More from Eduardo Ustaran

Opinion

Legal Reform Is Needed on Both Sides of the Atlantic, Not Just in Europe

I recall that in the 1990s and early 2000s, it was often a struggle to get people outside of Europe to take EU data protection law seriously. The perceived lack of enforcement in the EU, and the dynamic legislative climate in the U.S., meant that more attention was given to U.S. developments.

The situation is now reversed, and there has been intense interest in the European Commission’s proposal for a General Data Protection Regulation published in January 2012, and in related developments such as calls for reform of the EU-U.S. Safe Harbor. U.S.-based lobbyists have descended in hordes on the EU institutions; U.S. government representatives travel to Brussels to lobby the EU, and U.S. authors publish articles and papers on complex issues of EU law. Brussels has become the center of the global privacy world.

This causes us in Europe to wonder: Why doesn’t the U.S. work as hard to improve its own privacy law as it does to lobby for changes in the EU?

More from Christopher Kuner

Opinion

The Plain Truth About Safe Harbor

By Eduardo Ustaran, CIPP/E
The European Commission

The stance adopted by the European Commission in the report on the functioning of Safe Harbor published today was probably one of the worst kept secrets of the privacy world. It was patently obvious to anyone close enough to the controversy around the ability of Safe Harbor to live up to the expectations of EU policy makers and regulators that the Commission would be critical about it but would stop short of delivering a fatal blow to the scheme.

More from Eduardo Ustaran

Opinion

Has the LIBE Committee Torpedoed the Safe Harbor?

The committee of the European Parliament charged with shepherding the proposed EU Data Protection Regulation—the LIBE Committee—finally has reported out an amended version of the Regulation. And despite the fact that a Commission-initiated review of the EU-U.S. Safe Harbor is pending, it appears the LIBE Committee effectively has called for the end of the Safe Harbor.

More from Christopher Wolf