|January 6, 2014|
Previously published on January 2, 2014
As we have previously reported, the European Commission (the Commission) issued a report on 27 November 2013 identifying a number of actions that it considered necessary to restore the trust in data flows between the United States (US) and the European Union (EU), following the NSA/Snowden revelations (particularly those revelations concerning how the NSA was accessing and monitoring EU citizens’ data and private communications).
Following a talk given by the Federal Trade Commission’s (FTC) Judie Brill at a Council on Foreign Relations panel on data protection and privacy on 17 December 2013, we now have some indication as to just how receptive the US authorities may be to the Commission’s recommendations. Given that the FTC is the US’ federal level privacy regulator, FTC Commissioners such as Brill are well placed to comment on the Commission’s report as well as on how trust may be rebuilt between the continents.
Ms Brill was on the whole positive about the Commission’s recommendations saying that the US authorities should take a “serious look” at them. However, perhaps unsurprisingly, she appeared to view this more as an opportunity to remove the “irritants” contained in the EU/US cross border transfer of data regime, particularly Safe Harbour (a regime for the transfer of cross border data whereby US companies self-certify that they will adhere to privacy standards which are broadly similar to those contained in the EU Data Protection Directive) rather than a chance to make sweeping changes. For example, she noted that whilst 80% of US companies that had signed up to Safe Harbour provided EU citizens with access to a free alternative dispute resolution service if the EU citizen wished to complain about the US business, 20% still required EU citizens to pay in order to have their data privacy complaints independently adjudicated. Brill considered that resolving easily-fixable measures like this should be a major short term goal.
In more general terms, to the extent that Ms Brill’s comments can be seen as representative of the US regulatory authorities as a whole, the US regulator appears relieved that the Commission is looking to strengthen rather than revoke Safe Harbour. Perhaps Brill’s most interesting comment was her view that Safe Harbour had become an “easy target” in the aftermath of the Snowden revelations, but that it was not necessarily the “right target” and that, instead, government surveillance itself should be addressed if this was the source of concern.