Safe Harbor: Data Trust and Privacy Protection

The U.S. Mission to the European Union issued a statement recently saying that “the United States does not and has not engaged in indiscriminate surveillance of anyone, including ordinary European citizens.”

Safe Harbor Protects Privacy and Provides Trust in Data Flows that Underpin Transatlantic Trade

The United States Government and the European Commission have been engaged in a very productive and substantial dialogue to improve and strengthen the Safe Harbor Framework. The framework has been critically important to the protection of individual privacy and the conduct of commerce on both sides of the Atlantic; it has served and continues to serve as a model around the world for the protection of individual privacy and flow of data across national borders. We are optimistic that our discussions will conclude soon with a positive outcome for both sides.

The future of the Safe Harbor Framework, however, has now been called into question by the Advocate General’s recent opinion in Maximillian Schrems v. Data Protection Commissioner. We fully respect the European Union’s legal process; however, we believe that it is essential to comment in this instance because the Advocate General’s opinion rests on numerous inaccurate assertions about intelligence practices of the United States.

The Advocate General’s opinion notes that it was required to accept the facts as found by the Irish High Court. There was, however, no actual fact-finding in this case; instead, the Irish High Court concluded, on the basis of exhibits to plaintiff’s affidavits that the accuracy of his allegations regarding U.S. intelligence practices “is not in dispute.” But that is simply not the case, as the public record made clear at the time, and as has been made even clearer in the subsequent two years.

The United States does not and has not engaged in indiscriminate surveillance of anyone, including ordinary European citizens. The PRISM program that the Advocate General’s opinion discusses is in fact targeted against particular valid foreign intelligence targets, is duly authorized by law, and strictly complies with a number of publicly disclosed controls and limitations. Moreover, the Advocate General’s opinion fails to take into account that — particularly in the last two years – President Obama has taken unprecedented steps to enhance transparency and public accountability regarding U.S. intelligence practices, and to strengthen policies to ensure that all persons are treated with dignity and respect, regardless of their nationality or place of residence.

The Advocate General’s opinion also errs in inviting the European Court of Justice to conclude that the current Safe Harbor Framework is inadequate because the United States and the European Commission are positively engaged in an effort to strengthen it. On the contrary, the Framework was conceived as a living document, and this is not the first time that the two sides have engaged to improve its operation. On both sides, there has been a strong desire to make sure that we improve the Framework, and these efforts should be encouraged.

Moreover, the underlying issue here also goes far beyond the Safe Harbor Framework. The Advocate General’s reasoning would undercut the ability of other countries, businesses and citizens to rely upon negotiated arrangements with the European Commission.

Given the important privacy and trade benefits that Safe Harbor provides to EU and US citizens and businesses, we will continue to work closely with the European Commission to improve the Safe Harbor Framework. We hope that the final judgment of the European Court of Justice takes note of these efforts, inaccuracies in and far-reaching consequences of the Advocate General’s opinion, as well as the significant harm to the protection of individual rights and the free flow of information that would occur if it were to follow the Advocate General’s opinion.