How Europe, US can solve Internet privacy
Europe’s highest court ends an agreement that allows data to flow freely between the EU and the US. Both sides must now find ways to build trust into data collection and lower fears of a loss of privacy.
A Facebook logo is seen in front of the logo of the European Union. The European Court of Justice (ECJ) ruled against Safe Harbour agreement, which is used by companies such as Facebook and MasterCard. The Safe Harbour framework agreement was established 15 years ago to enable companies to easily transfer personal data to the United States without having to seek prior approval, a potentially lengthy and costly process.
Reuters
For two decades, Europe and the United States have managed to balance their differing views on how to protect a person’s privacy on the Internet. On Tuesday, Europe’s highest court abruptly invalidated a 2000 agreement that had allowed data to flow freely across the Atlantic under voluntary rules on privacy. The court insisted on strict and mandatory protections.
Now companies such as Facebook and Google face the prospect of losing business in Europe or perhaps seeing a massive crackdown on their collection of information about customers.
The decision is the result of a complaint by an Austrian, Max Schrems, who alleges that Facebook passed his personal data on to the National Security Agency. The 2013 revelations about the NSA’s data collection, often from private companies, have heightened European sensitivities over privacy in dealing with American firms.
The Continent sees privacy as a basic human right, reflecting its 20th-century experience of totalitarian regimes. Americans, on the other hand, are more trusting of data companies, relying on a combination of their own computer wits, security software, watchdog groups, and government regulators, and the fact that data companies want to keep customers.
With the court’s decision, officials from the US and EU hope to come up with a new agreement soon before transatlantic digital commerce grinds to a halt and the Internet becomes balkanized by the world’s two leading economies. Their work should help set new global standards on data privacy.
Each side should consult an important report issued in June on how to balance privacy and the need for data collection by governments and business. It was written by David Anderson, a specialist on EU law, for the British government. The title alone gets to the heart of the matter: “A Question of Trust.”
In his 373-page report, Mr. Anderson lays out specific ways to bring proportion and nuance to a debate that is driven largely by fear. “Both sides are motivated by fear: not least, their common fear that technological change will throw into jeopardy what they hold to be most important,” he stated. Meanwhile, “The silent majority sits between those poles, in a state of some confusion. The technology is hard to grasp, and the law fragmented and opaque.”
He says privacy is key to concepts such as identity, dignity, autonomy, independence, imagination and creativity. It “facilitates trust, friendship and intimacy: qualities that allow us to relate freely to each other....”
Finding a trustworthy arbiter that can balance privacy and other interests, such as security and business, is not an easy task. Judges, regulators, laws, and other means must be found to build that trust.
The EU and US are back to basics now in finding a trustworthy way for the Internet to grow while honoring each side’s views on privacy. The court decision can now help officials replace the fears with ideas and practices that work for both sides.