“We’re using Model Contract clauses to transfer our data!”
Gregory P Bufithis, Esq.
Founder/Chairman
The Project Counsel Group
12 October 2015 – And so the EU Institutions struggle with the European Court of Justice decision last week that declared the Safe Harbor scheme invalid.
Over the weekend, DG Commissioner Günther Oettinger told Der Spiegel that it is “not likely that the EU and U.S. will strike any grand agreement on data protection soon”. However, he said a new safe harbor was still needed in order to provide clarity for businesses that want to know how to legally handle personal data. He also said the Court’s striking down of the old safe harbor agreement provides an opportunity for “self-criticism” and a “rethink” and the Commission should blame itself for not monitoring U.S. misuse of data more closely.
Note: I have been informed that the Commission has been inundated with requests from corporations and individuals asking for advice on how to proceed with data transfers. I have also been told that no new negotiations with the U.S. have even been discussed.
Meanwhile, while Oettinger was skeptical of the chances for a new data protection deal, Andrus Ansip, vice president for the digital single market, took a more optimistic position. In an emailed statement to Zoya Sheftalovich (Zoya is a technology reporter for the EU edition of POLITICO) he said:
“Safe Harbor was initially designed to better protect citizens, and so it should not be considered as a bad initiative as we can hear nowadays. What is important now is to make it really safe, this is what the Commission has been asking and working on for years and what should be done as soon as possible.”
Not to be a downer, but it’s likely “as soon as possible” isn’t going to be all that soon. Having followed the Safe Harbor negotiations over the past two years and having read the Court opinion and seen leaked drafts of the potential agreement, the Commission’s “safer, safe harbor agreement” (their words) that was “near completion” prior to the ECJ’s ruling has several key elements that will now need to be renegotiated. I will have more in a subsequent post.
And from the “Department of Spin”, both Ansip and Oettinger will meet with business associations this week to discuss the implications of the safe harbor ruling. DigitalEurope, the American Chamber of Commerce and the BSA (that’s the EU business software alliance) are all invited.
While over at the EU Parliament, the civil liberties committee will meet to debate the implications of the Court ruling. They will discuss what the Commission and EU countries have done to “take on board” Parliament’s outraged post-Snowden resolution of March 2014, which set out recommendations around the mass electronic surveillance of EU citizens.
But probably the most important meeting: this Thursday is a plenary meeting of the Article 29 Working Party (the group of all the EU’s data protection regulators, plus the Commission and the European data protection supervisor). My sources tell me it will structure some guidance for dealing with the crisis.