Europe is on the cutting-edge of privacy protections, and has been for quite some time. The European Directive on privacy, the Data Protection Directive, was adopted in 1995 and regulates the sharing and processing of personal, private information between companies located in the United States (and elsewhere) and those located within the European Union. In Europe, privacy is paramount, and it applies an “adequacy” test to other non-European countries’ privacy laws to determine whether they are sufficient to allow those countries to get their hands on European citizens’ private information.
For years now, United States companies have able to share and transfer protected, private customer information with their European brethren through a long-established practice designed to protect Europeans from having their privacy interests compromised. That practice was known as a “Safe Harbor.” That is, companies that qualified for Safe Harbor protections were allowed to send and receive protected personal information of European citizens without having to comply with the particular provisions of Europe’s Data Protection Directive. In maritime vernacular, it was a port for U.S. companies who found themselves in the privacy storm existing in European waters. But, thanks to Eric Snowden — who purportedly leaked top secret documents about United States surveillance programs — that Safe Harbor is no more.
Apparently the “PRISM mass surveillance program” uncovered by Mr. Snowden contributed to the European Court of Justice’s finding that the United States’ Safe Harbor protections did not meet the “adequacy” standard required by the European Directive in order to transfer private information back and forth between our country and our European allies. “This decision is a major blow for U.S. Global surveillance that heavily relies on private partners,” said Max Schrems, the man who brought suit against Europe’s Data Protection Commissioner for failing to investigate a complaint he made about Facebook Ireland Ltd.’s transfer of personal data to the United States. The U.S. Department of Commerce, which oversees implementation of the Safe Harbor program, registered its disappointment. “[This decision] creates significant uncertainty for both U.S. and EU companies and consumers, and puts at risk the thriving transatlantic digital economy.”
What to do next is unclear; but British authorities have urged everyone to “keep calm,” as they say, until they have further time to vet the decision and decide how to best coordinate a response with other data protection authorities throughout Europe.
Stay tuned.
