Brussels, 06/10/2016. Europe must immediately suspend the ‘Safe Harbour’ data agreement with the US and initiate a new, more ‘solid’ data-protection framework, says the Chair of the European Parliament’s LIBE civil liberties Committee Claude Moraes. His statement follows the latest ruling from the European Court of Justice in the case regarding Facebook’s transfer of EU citizens’ data to the US.
“I welcome the European Court of Justice decision today, as it finally backs up the repeated calls from the European Parliament for the suspension of the US Safe Harbour framework on the grounds that it does not ensure the adequate level of protection required by EU data protection law,” said Mr Moraes.
Compared to the strong, enforceable, data-protection legislation in the EU, he said, Safe Harbour offers completely inadequate protection for EU citizens using services from US companies, as Edward Snowden’s disclosures have brought to light. He pointed out that the existing agreement provides no protection in particular from mass surveillance activities, as it contains a national-security exemption which has never been clarified.
“The decision by the European Court of Justice today declaring the invalidity of the Safe Harbour agreement forces the European Commission to act, in order to ensure that transatlantic transfers of personal data of EU citizens to companies in the US offer the continuity of protection required by EU law, and to come up with an immediate alternative to Safe Harbour. The Commission has been in negotiations with the US for over a year on improving the framework, but we have still received no update on these discussions.”
Mr Moraes said that the European Commission must put forward a completely new and strong framework for transfers of personal data to the US, one that complies with requirements of EU law as enshrined in the Charter of Fundamental Rights and EU data protection rules, and one that provides EU citizens with solid, enforceable data-protection rights. It will also require effective independent supervision, he said.
A not-so-safe harbour
The 2000 Safe Harbour agreement allows companies to transfer European citizens’ private data to the US if they vouch for adequate privacy protection as set out in the agreement. More than 3,000 companies currently use Safe Harbour for the transfer of data, including firms like Facebook, Google and Microsoft.
Since Edward Snowden went public with his revelations about the scope of state spying in the US and in Europe, the European Parliament has repeatedly called for the suspension of Safe Harbour, most recently in its 2014 resolution on the surveillance carried out by the NSA. In addition, the European Commission in November 2013 issued 13 recommendations on how to restore trust in Safe Harbour.
To date, no comment has been made on how to handle the secure transfer to the EU of data on US citizens’ movements and activities.
Press release from the EU Court of Justice: Judgement in Case C-362/14 Maximilian Schrems v Data Protection Commissioner (6 October 2015) http://curia.europa.eu/jcms/upload/docs/application/pdf/2015-10/cp150117en.pdf