Modern field guide to security and privacy

Opinion: Forget about Safe Harbor. Modernize global privacy law instead

When the European Court of Justice invalidated Safe Harbor, it became clear that a single data agreement couldn't account for all the ways countries balance privacy, freedom of expression, and national security.


There's a widening transatlantic divide regarding privacy rights that needs to be bridged – and soon.

But instead of coming up with another version of the data transfer agreement between the US and European Union known as Safe Harbor, we need a new set of global standards to build a common vision of privacy rights in the Digital Age.

That might sound unachievable and impractical to the more than 4,500 European and US firms that have relied on Safe Harbor for more than 15 years to transfer EU data stateside. But when the European Court of Justice invalidated that deal, in the aftermath of the Edward Snowden revelations that Europeans' data was subject to National Security Agency surveillance, it became clear that a single data agreement couldn't account for all the ways countries balance privacy, freedom of expression, and national security.

As Yale Law School Prof. James Whitman has argued, "in the law of privacy ... the contrast between Europe and the United States is stark and is growing starker."

What's more, it's becoming clear that European and US negotiators won't find a way to repair Safe Harbor before the Jan. 31 deadline that EU data protection authorities set for a new deal. Without that revised arrangement to safeguard Europeans' data from US government snooping, EU regulators have threatened "mass enforcement of illegal data transfers" starting as early as February.

Even if negotiators reach a last-minute deal on Safe Harbor, it would still face legal challenges in the EU from both European citizens and data protection authorities questioning the deal’s adequacy.

But a new Safe Harbor is simply a Band-Aid. Instead, let's start a dialog to clarify and upgrade global privacy standards. Let's flesh out the right to privacy mentioned in the 1948 Universal Declaration of Human Rights, which was expanded upon by the 1966 International Covenant on Civil and Political Rights (ICCPR) that has been signed by more than 160 nations including the US.

In particular, Article 17 of the ICCPR states, "No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honor and reputation."

We also need a new protocol in the convention, updating Article 17 to include the "digital sphere" so as to create "globally applicable standards for data protection and the protection of privacy in accordance with the rule of law."

The German government – notably German Federal Data Protection Officer Peter Schaar – has pushed this approach, which was approved by the International Conference of Data Protection and Privacy Commissioners in 2013. Its passage was notable both for its timing – participants have been calling for a treaty guaranteeing data protection and privacy as a human right since 2005 – and the diverse array of participants involved include Japan, New Zealand, France, Slovenia, Ireland, Spain, Germany, Burkina Faso, Canada, and the US.

Only the US abstained in the final vote. That was a mistake. If the US were to support Germany and other nations' efforts, it would send a powerful message to both the EU and to the US tech sector that Washington is committed to modernizing international privacy law.

The German government has long argued that international privacy law has lagged behind digital realities, though the tenor of the debate changed following Mr. Snowden's leaks. Still, privacy guidelines remain largely nonbonding. That is not to say that the situation has remained stagnant. The UN General Assembly took action in late 2013, passing a consensus resolution on “[t]he right to privacy in the digital age” affirming that human rights including privacy and freedom of expression apply online in a move that could contribute to a positive cyberpeace.

Without clarification, the utility of the ICCPR and human rights law generally to advancing global privacy law will continue to be undermined by spy agencies and private industry. But with renewed support, several ICCPR provisions – including Article 17 (protecting the right to privacy) and Article 19 (protecting the right to seek information) – would have new life as applied to data privacy.

Supporting the drive for a new protocol would seem to be the most politically palatable option for US policymakers in the near term, but there is an argument to be made that these options are not mutually exclusive – negotiations could begin on a new international privacy treaty in tandem with mutually reinforcing work on a new Protocol to Article 17.

US engagement in any of these options beyond Safe Harbor would send a powerful message to the world that would help rebuild trust in both the US government and the US tech sector – providing businesses with greater certainty, and helping to narrow the widening transatlantic rift over data.

Scott Shackelford serves on the faculty of Indiana University where he teaches cybersecurity law and policy. Follow him on Twitter @sjshacke

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to Opinion: Forget about Safe Harbor. Modernize global privacy law instead
Read this article in
QR Code to Subscription page
Start your subscription today