EU's Safe Harbor decision reveals rift between US economic, privacy issues

A Congressional hearing turned combative at times on Tuesday, as legislators discussed the fallout of a European court ruling last month that said a 15-year-old data law was invalid.

Geert Vanden Wijngaert/AP/File
A woman walks by the entrance to the European Court of Justice in Luxembourg on Oct. 5. Members of Congress attempting to clarify how the US should respond to a recent ruling by the court striking down a 15-year-old agreement that governed how data was transferred between the US and Europe.

A Congressional hearing turned testy on Tuesday as lawmakers discussed the complex and sometimes arcane negotiations between US and European companies that share data across the Atlantic.

Legislators had gathered to discuss how companies should navigate the fallout from a European court decision last month that axed the 15-year-old agreement that governed how the two regions share data. But concerns about privacy – especially regarding US government surveillance – reverberated through much of the debate, with one lawmaker calling privacy issues the “elephant in the room.”

The Safe Harbor agreement – which affects how about 4,500 American companies use data collected from European citizens – has a host of implications, from how Facebook shares user data abroad to how multinational corporations should handle employee information. A European Union working group said it has negotiated a revised Safe Harbor deal, but the final agreement could take several months.

While lawmakers from two subcommittees of the House Energy and Commerce Committee agreed Tuesday that passing a new Safe Harbor agreement was instrumental to restoring the economic relationship between the US and the EU, the debate over privacy issues appeared far less settled.

“I’m in a little bit of a dilemma,” said Rep. Joe Barton (R) of Texas, who co-chairs the Congressional Bi-Partisan Privacy Caucus. “If I put my pro-business hat on, I want to renegotiate this Safe Harbor agreement as soon as possible. But if I put my privacy caucus co-chairman hat on, I think the European Union has highlighted a substantial issue, that US privacy laws aren’t as strong as they could be.”

Part of the conflict was arguably by design. The European Court of Justice’s ruling was sparked by a lawsuit filed by Max Schrems, an Austrian law student who argued that European authorities should be able to investigate his claim that Facebook was exposing his data to US surveillance by passing it from servers at the company’s European headquarters in Dublin back to the US.

Companies have strongly fought back against this contention, blasting the European court’s decision as going too far and possibly leading US firms to face harsher standards than those that apply to European companies.

“There is a serious disconnect between the EU’s stated goals of spurring innovation and fostering a start-up culture and statements by some European officials about the need for IT independence and calls for data localization,” said John Murphy, senior vice president for international policy at the US Chamber of Commerce, during the hearing Tuesday.

Victoria Espinel, president of the software industry trade group BSA, told lawmakers that robust security protections were already in place to prevent unauthorized data transfers. Ultimately, she says, technology firms hope the EU and the US will work toward a broad policy – beyond just a new version of Safe Harbor – that would both address privacy concerns and allow the companies to keep working in Europe.

Rep. Jan Schakowsky (D) of Illinois said in an opening statement that she was preparing to introduce a bill that would provide stronger security standards on a variety of personal data that could be affected by the court’s decision, including geolocation data, health records, biometric details, and information on e-mail and social media accounts. She says she wanted to balance the likely economic impact on US companies with privacy concerns.

But other lawmakers expressed skepticism.

“Is it your position that US persons and non-US persons should be treated identically with respect to government collection of surveillance data?” Rep. Mike Pompeo (R) of Kansas asked Marc Rotenberg, president of the Electronic Privacy Information Center, which has advocated for stronger privacy protections for both European and American citizens.

When Mr. Rotenberg agreed, Rep. Pompeo pounced on the response.

“Fair enough,” he said, “Just so you know, that would be ahistoric. You could well be right about it being proper, but no nation has ever behaved that way with the collection of data for their own citizens... There’s always a wrinkle, there’s always an exception... I actually think the United States does a remarkable job of protecting citizens all around the world and protecting their data in their efforts to keep us all safe—"

Rotenberg interrupted, saying, “Sir, may I ask – do you think the Office of [Personnel Management] has done an excellent job protecting the records of federal employees?" referring to the recent OPM hack that exposed a variety of sensitive information.

“No sir, there’s errors all along the way—” Pompeo responded, but Rotenberg jumped back in.

“Twenty-one and a half million records — SF 86s — those are the background investigations for federal employees,” he said.

“I filled one out, I think mine was released as well, sir, so I’m infinitely familiar with that, I’m simply asking about policy,” Pompeo said, before moving on to another question.

Later, Rotenberg pointed to the large scale opportunity offered to regulators to address privacy issues through the European court’s decision.

“Privacy really does cross the aisle,” he said. “It’s also important in the context of this hearing to understand that there’s a difference between the political dimension of negotiations ... and a judicial decision by the top court in Europe."

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to EU's Safe Harbor decision reveals rift between US economic, privacy issues
Read this article in
https://www.csmonitor.com/Technology/2015/1103/EU-s-Safe-Harbor-decision-reveals-rift-between-US-economic-privacy-issues
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe