Catarina Conti
(from the European Parliament)
27 October 2015 – Justice Commissioner Věra Jourová … whose data protection team is responsible for negotiating a new safe harbor agreement … last night told MEPs on the European Parliament’s civil liberties committee that the Commission would “soon” advise businesses on the legal implications of the safe harbor ruling. However, she promised the guidance “cannot and must not replace the work of the data protection authorities in upholding and enforcing data protection rules.” Jourová also suggested a self-certification scheme, such as that in safe harbor could still be a solution if it has more oversight.
MEPs were “not impressed”, bombarding Jourová with questions about whether a new safe harbor agreement was really still possible without a radical change to U.S. national security laws. Jourová said it was “not realistic” to expect the U.S. to change its privacy legislation in the near future, although in the long term “we would like to see deeper reform.” She said this was why the Commission was negotiating with the Department of Commerce and the Office of the Director of National Intelligence on more short-term fixes.
The U.S. team was in Brussels last week for negotiations, the first such meeting since the Schrems opinion from the European Court of Justice (ECJ) which invalidated the existing safe harbor agreement. The EU team is scheduled to travel to the U.S. next month. And the 37th International Conference of Data Protection and Privacy Commissioners is in Amsterdam this week and it dominates the agenda.
Meanwhile, former Swedish Prime Minister Carl Bildt accused the ECJ of basing its safe harbor ruling on a “simplistic philosophy” that runs counter to the free flow of data. “In some European countries, not least Germany, there seems to be a conviction that citizens’ data will be safe only if it is stored on European soil, out of reach of, say, evil American spies,” Bildt wrote in a blog post, noting data localization does not actually stop foreign spies spying. “The solution to privacy concerns lies not in data localization, but in the development of secure systems and the proper use of encryption” he added. For his full blog post click here.