Is the Safe Harbor Agreement Still Adequate? | DMA
DMA - Data and Marketing Association

Filter By

Show All
X
Start Contributing
My Contributions
X
X

Connect to

X

Is the Safe Harbor Agreement Still Adequate?

21 Apr 2015

T-55362ca590c4c0481917_55362ca590b92-3.jpg

The Safe Harbor Agreement has, once again, been thrust into the limelight with its adequacy in question. “Does it really protect EU citizen data?” is the question that Max Schrems has taken all the way to the European Court of Justice (ECJ). And he wants answers!

Who is Max Schrems?

Schrems is an Austrian law student who has brought a class action against Facebook Ireland for the inadequate protection of EU citizen data. He founded the Europe-v-Facebook group so that he can challenge the adequacy of the Safe Harbor Agreement and try to make a change. His website now also provides news, legal information and tools to help others understand and enforce their rights.

Europe-v-Facebook: the facts

The class action was brought against Facebook Ireland, who are responsible for all Facebook accounts outside of the US and Canada, for alleged privacy breaches against EU citizens. The main point to come out of the case so far is the effects of the US National Security Agencies PRISM Scheme. Under US law US government agencies have the power to access the personal data of non-US citizens and impose secret “gag orders” on US companies which forces them to hand over this personal data and not disclose the fact to anyone. With these laws in place, can any US company truly protect the data of EU citizens?

What does this mean?

An international organisation wishing to transfer data out of the EU into the US can do so if they are certified under the Safe Harbor Agreement as having adequate data protection policies in place. What Max Schrems is arguing is that this is surely impossible. Through no fault of their own US companies who are certified under the Safe Harbor Agreement cannot guarantee the level of protection necessary to comply with EU law. All US companies are subject to US law, meaning the NSA can hand them a court order forcing them to hand over data.

What has Europe said?

Under the current Data Protection Directive “the transfer of personal data to a third country which does not ensure adequate protection must be prohibited” and in a recent hearing of Schrems case the European Commission admitted that they could not confirm whether the Safe Harbor afforded adequate protection. According to the current Directive if the Commission cannot guarantee adequacy then they must stop the transfer of data out of the EEA. Surprisingly they have not prohibited anything in response to the Europe-v-Facebook case, they chose to ‘advise’ EU citizens that “If you don’t want your data to go to the US, close your Facebook”. The Commission have failed to see, or chose to ignore, the fact that it’s not just Facebook who are subject to “gag orders”, it is all US-based companies. This severely damages the integrity of the Safe Harbor Agreement.

Summary

What the Europe-v-Facebook case has done is highlight the issues surrounding the Safe Harbor Agreement bringing it to the public attention yet again (remember Edward Snowden?), with some calling for it to be binned. However, a suspension of the agreement would have a detrimental effect on both American and European companies so it is in everyone’s best interest that it remains in place, but with improvements made.

So, is the Safe Harbor adequate? Personal opinions aside, we are still waiting to find out if it is adequate or not. There are two things you need to be aware of!

1. Vera Jourova, the EU’s Commissioner for Justice, is currently in negotiations with her US counterparts to make changes to the Safe Harbor Agreement so it can be improved rather than suspended. Jourova intends on finishing negotiations by the end of May 2015, hopefully giving us some clarity. All we can do now is wait for the new and, hopefully, improved version of the Safe Harbor Agreement.

2. The ECJ will announce their decision in the Europe-v-Facebook case on the 24th June 2015 so we will have the adequacy question, hopefully, answered!

Ashleigh Wood Ashleigh Wood

Communicator
Cyber Security Executive

Hear more from the DMA

Please login to comment.

Comments

Related Articles

How to market effectively and sustainably

When thinking about sustainable marketing, often we think about the channels we use, or materials we use in a physical sense. We overlook things like the audience targeting, data cleanse & optimisation, which have a big impact on minimising wastage.

1714037684255.png

The Power of Customer Journey Analytics in Telecommunications

The telecom industry boasts an array of touchpoints, presenting both opportunities and challenges for marketers. Ensuring that campaigns not only resonate but also yield results is critical.

iStock-1473164518-modified-f4e3c11c-cd81-417a-a5bf-adaf217da044.jpg

Managing Customer Data Silos in Telecommunications

The telecommunications sector grapples with a pressing issue: customer data silos.

iStock-1180187740 600x400.jpg

The Importance of Data Quality and Data Confidence in Customer Experience

We live in the information age, where customer insight expands with every click, swipe, and interaction.

iStock-1363814424 600x400.jpg

Expand

Copyright DMA 2024 © All Rights Reserved