On October 6, 2015,
Europe’s highest court, The European Court of Justice (ECJ), ruled that the
long-standing international agreement called “Safe Harbor” was immediately invalid. Safe Harbor allowed companies to transfer the
digital data of individuals between the U.S. and the E.U., as long as there was
an “adequate” level of privacy protection.
The European
Commission’s July 2000 decision to implement Safe Harbor was an attempt to regulate
the E.U. and U.S.’s approach to privacy because the European Commission
believed that an adequate level of protection lacked through domestic law or
international commitments. This level of
protection gap stems from the different approaches the U.S. and E.U. have about
online data security where the U.S. privacy is viewed as a consumer protection
issue, but in Europe, privacy is viewed as a fundamental right, similar to
rights granted in the U.S. Constitution.
Now with the ECJ’s
ruling, the EU may make their own determinations as to how companies will
collect and use information gathered on its citizens, which removes the
uniformity among the EU nations with regard to data privacy. Moreover, because there are thousands of U.S.
companies, which are certified under Safe Harbor, there is a concern that without
the means to transfer data from Europe to the U.S., trans-Atlantic trade will
suffer.
The ECJ’s ruling
suggests that there was not a problem with the Safe Harbor concept, but rather
the lack of procedural safeguards in the Safe Harbor. Therefore, until modifications to the Safe
Harbor occur that may adequately protect the fundamental rights of the E.U.
citizens whose data is being transferred to the U.S. and the U.S. passes
legislation that restricts the power of the government to access personal data,
there can no longer be transfers of data from the EU to the U.S.
No comments:
Post a Comment