Yottabytes: Storage and Disaster Recovery

Jan 26 2017   10:00PM GMT

Remember ‘Safe Harbor’? Never Mind

Sharon Fisher Sharon Fisher Profile: Sharon Fisher

Tags:
government
privacy
Safe Harbor
Security

As you may recall, in July the United States and the European Union finally came to an agreement modifying the “Safe Harbor” provisions, which allows companies in the countries to exchange personal data about citizens without having to go through laborious agreements.

The agreement had been in jeopardy since the previous fall, when the European Court of Justice found that, in reaction to the Edward Snowden revelations, the United States did not ensure adequate protection of personal data against surveillance by public authorities for European citizens. Without the Safe Harbor provision, companies that wanted to exchange data between the U.S. and the E.U. about European citizens – such as Google wanting browsing history – would have to individually negotiate elaborate legal agreements. As many as 1500 companies were involved, writes A.J. Dellinger in the International Business Times. So revising it to the Court’s satisfaction was really important.

It took President Donald Trump less than a week to put it in jeopardy again.

On Wednesday, Trump signed an executive order ostensibly to “enhance public safety in the interior of the United States.” But that order also included a provision noting that “Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.” Some experts believe that will mean the E.U. will suspend the agreement.

“While the action may not have been specifically targeting the agreement with the EU, it very well may apply to it by excluding ‘persons who are not United States citizens or lawful permanent residents,’” Dellinger writes. “The phrase would apply to European citizens whose data is traveling across the Atlantic. The executive order puts the U.S. at risk of being sanctioned by the EU for violating its privacy laws and could lead to the suspension of the agreement entirely—a possibility that would be especially troubling for tech companies based in the U.S. who do business overseas.”

It’s also an issue with Canada, writes Michael Geist, a Canadian law professor, in his personal blog. “The decision requires an immediate review by the Privacy Commissioner of Canada on the effect of Canadian personal information and data sharing agreements and a potential re-assessment of what personal information is made available to U.S. agencies,” he recommends.

In response to the executive order, a number of legal professionals are raising the alarm, but it isn’t yet clear what can be done to rescind or modify the executive order to remove the offending paragraph.

In fact, some people in the E.U. had already felt that the protections in the revised Safe Harbor provision were inadequate, and were filing lawsuits, meaning that the Safe Harbor provision was already being threatened without Trump’s action, writes Hogan Lovells in Lexology. “In reality, the future of the Privacy Shield will be linked to the direction of travel of the new Trump administration and the extent to which the assurances given by the previous government on data access controls will stand,” he wrote presciently earlier this week.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: