EU Presents Strategy To Restore Consumer Confidence In Transatlantic Data Flows


On 27 November 2013, the European Commission (the "Commission") presented a package of initiatives intended to restore confidence in data flows between the European Union and the United States, following the revelations of U.S. intelligence personal data collection programmes. The package presented by the Commission identified six key areas.

The major contribution of this package aims at reviewing the current EU-U.S. Safe Harbour scheme that was agreed in 2000 and which allows for the transfer of personal data from the EU to companies in the U.S. that have self-certified with the U.S. Department of Commerce that they comply with certain privacy principles. The Safe Harbour scheme has proved to be a successful means of personal data transfers from the EU to the U.S. with over 3,200 companies having self-certified.

However, there is a growing concern among EU data protection authorities as to the effectiveness of this regime, in particular in the light of the role played by the U.S. authorities.

Therefore, the Commission calls for a modernisation of the Safe Harbour scheme. The Commission proposed 13 recommendations to strengthen the EU-U.S. Safe Harbour scheme. These recommendations include (i) increased transparency (in particular ensuring that privacy policies of self-certified companies are properly disclosed and available and that these privacy policies always include a link to the U.S. Department of Commerce's website); (ii) making redress affordable and readily available for data subjects (in particular through alternative dispute resolution mechanisms); (iii) more active enforcement by US authorities (in particular through ex officio investigations); and (iv) access to the data by U.S. authorities. On this last topic, the recommendations specify that disclosure to the U.S. authorities, under U.S. laws, for reasons of national security should only occur when such disclosure is strictly necessary or proportionate. The recommendations also encourage self-certified companies to indicate in their privacy policies under which circumstances they will apply exceptions to the Safe Harbour scheme to meet national security, public interest or law enforcement requirements. The Commission will review the Safe Harbour scheme based on the implementation of its 13 recommendations.

In addition to the modernisation of the Safe Harbour scheme, the Commission calls for action in the following areas:

A swift adoption of the EU data protection reform that...

To continue reading