Finally! Safe Harbour Agreement under question by EU commissioner

By EDRi · July 31, 2013

This article is also available in:
Deutsch: [Endlich! EU-Kommissarin stellt „Safe Harbor“-Abkommen in Frage |]

On 19 July 2013, during the informal Justice Council in Vilnius,
Lithuania, EU justice commissioner Viviane Reding stated for reporters
that her services will be reviewing the so-called Safe Harbor Agreement.

The agreement, concluded 13 years ago between the US department of
commerce and the European Commission, based on a clause in the current
1995 EU Data Protection Directive, does no longer seem as “safe” as the
title currently implies.

“The Safe Harbour agreement may not be so safe after all. It could be a
loophole for data transfers because it allows data transfers from EU to
US companies – although US data protection standards are lower than our
European ones. I have informed ministers that the Commission is working
on a solid assessment of the Safe Harbour Agreement which we will
present before the end of the year,” said Reding.

Within the agreement, around 3 000 companies have voluntarily signed up
to follow a binding set of data transfer rules based on seven principles
– notice, choice, onward transfer, security, integrity, access, and
enforcement. However, the agreement includes low data protection standards.

In 2010, the US consultancy company Galexia found a number of
irregularities in the agreement and reported that 200 companies had
falsely claimed to have joined the agreement and that only 350 companies
had complied with the minimum standards of the agreement.

Hence, the US Federal Trade Commission (FTC) has issued orders on Twitter, Google, Facebook and MySpace to be regularly audited and in November 2012, asked Google to pay out 22.5 million dollars for having planted cookies on Apple’s Safari Internet browser.

Reding’s announcement on Safe Harbor comes in the context of the PRISM
programme revelations which have pushed the European regulators to
finalise negotiations on the data protection regulation and its
adjoining directive, the post-Stockholm programme on future justice
priorities. The German and French ministers have sent a joint-letter to
the legislative saying that the negotiations between the European
Parliament and the member states for the data reforms should be
finalised before the end of the Lithuanian EU Presidency that is, by the
end of 2013.

“It is good to see that the French and German ministers have reaffirmed,
in a joint declaration, that we need a high level of data protection for
European citizens, which strikes the right balance between freedom and

It is also good to see that they have both committed to quickly adopting
the reform of Europe’s data protection rules that the Commission put on
the table in January 2012.

PRISM has been a wake-up call. The data protection reform is Europe’s
answer,” said Reding in Vilnius.

EU questions decade-old US data agreement (22.07.2013)

Informal Justice Council in Vilnius (19.07.2013)