Safe Harbor 2.0? “Close” But Not There Yet

Published On February 1, 2016 | By Kandi Parsons | Data Security, Privacy

Vera Jourová, the European Union’s Commissioner for Justice, briefed the European Parliament on the status of a new Safe Harbor deal being negotiated between the United States and the European Union. Jourová indicated the parties are “close” to a deal but “additional effort is needed.” Although discussions are still underway, Jourová outlined the four key components that the deal must contain.

Surveillance by Public Authorities

Specific written assurances from the United States must indicate that access to the personal data of EU citizens by the U.S. government will be limited to what is necessary and appropriate with an annual joint review that will evaluate access to data by public authorities.

Independent Oversight and Individual Redress Regarding National Security

An ombudsman with authority and independence might satisfy this by overseeing compliance with the agreement.

Resolution of Complaints About How Companies Process Data

Individual complaints must be resolved. Complaints may first be resolved by the company in question. Alternatively, a dispute can be taken to a European Data Protection Authority (DPA), which can channel the complaint to the Department of Commerce or Federal Trade Commission. Because the FTC does not resolve all individual complaints, there should be an arbitration panel as a last resort.

Binding Commitment from the United States

The commitment from the United States must be formal and binding, with a signature at the “highest level” and published in the Federal Register.

Jourová will be speaking to United States Department of Commerce Secretary Pritzker this evening and will report to European Commissioners tomorrow morning. Committee members in attendance expressed skepticism about whether an agreement would be reached and whether the United States would safeguard EU citizens’ data to their satisfaction. On the flip side, negotiators from the U.S. have expressed optimism for weeks now that a deal will get done. Stay tuned.

 

About The Author

Kandi counsels clients on privacy and data security issues, online and general advertising, and marketing practices, including COPPA compliance, student privacy, and the Internet of Things. Kandi advises companies on collecting, protecting, and using consumer data and helps them develop and implement comprehensive privacy and security programs. Drawing on her tenure at the FTC, Kandi assists clients in responding to FTC and state AG enforcement actions. Prior to joining ZwillGen, Kandi spent eight years in the FTC’s Division of Privacy and Identity Protection. While at the FTC, Kandi served on detail for six months to the United States Senate, Committee on Commerce, Science, and Transportation.

Comments