U.S. Steps Up Efforts to Make “Safe Harbor Safe Again” – FTC, Justice Department Work to Keep EU Happy and Avoid Pull Back from Safe Harbor


Within the span of two days, both the Federal Trade Commission (FTC) and the U.S. Department of Justice announced initiatives meant to assuage the European Union’s concerns over trans-Atlantic data flows and to secure Europe’s future commitment to the U.S.-EU Safe Harbor initiative.

On June 25, 2014, the FTC approved final orders that settled charges with 14 companies that had falsely claimed their participation in the U.S.-EU Safe Harbor program. Under the terms of their settlements, each of the 14 companies is prohibited from further misrepresenting its participation in any privacy or data security scheme, including Safe Harbor.

One day before the FTC’s announcement, U.S. Attorney General Eric Holder announced in Athens that the Obama administration would ask Congress to enact legislation granting EU citizens the right to bring claims in U.S. courts under U.S. privacy laws if they believe their personal data had been misused. This measure is intended to resolve one of the major sticking points in the broader negotiations for the Data Protection Umbrella Agreement, a framework with the EU to enhance anti-terrorism efforts by providing U.S. law enforcement authorities access to the personal data of individuals living in Europe. However, EU Vice President and Commissioner for Justice, Viviane Reding, was quick to point out that the U.S.’s intent to introduce legislation is not enough to resolve this issue: “Words only matter if put into law. We are waiting for the legislative step.”

The announcements by the FTC and Attorney General Holder are seen as active attempts to rebuild the EU’s trust in trans-Atlantic data flows and to ensure the EU’s further commitment to the Safe Harbor program, both of which had been badly shaken in the wake of the Edward Snowden leaks last year. In October 2013 Commissioner Reding gave the U.S. a 13-point list of “recommendations” to improve the Safe Harbor scheme and to restore Europe’s faith that the U.S. is earnestly fulfilling its responsibilities under the initiative. The EU’s recommendations address issues of transparency, redress through alternative dispute resolution (ADR), enforcement, and the degree to which data from Europe is accessible by U.S. authorities.

Commissioner Reding has previously said that whether “Safe Harbor can be safe again” and avoid further action from the European Parliament depends on the U.S.’s attention to and implementation of the EU’s recommendations by this summer. Otherwise, she will need to discuss the future of Safe Harbor with the Parliament, which has discussed scrapping Safe Harbor altogether.

In addition to criticism from the European Parliament and several European data protection authorities, the Safe Harbor Framework faces a legal challenge on the basis of violations of fundamental privacy rights. On June 18, 2014, the Irish High Court referred to the European Court of Justice (CJEU) several questions around the legality of the Safe Harbor Framework in a case involving the Irish data protection authority, Facebook Ireland and the NSA’s PRISM program (Schrems v Data Protection Commissioner). While a decision from the CJEU will not be issued for some time, the pending legal review puts additional pressure on negotiators for the European Commission and the U.S. government to strengthen the Framework in order to preserve it as a mechanism for international data transfers.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Wright Tremaine LLP | Attorney Advertising

Written by:


Davis Wright Tremaine LLP on:

Popular Topics
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.