The United States and the European Union have reached a new agreement in replacement of Safe Harbor, as announced on February 2. Safe Harbor originally outlined the rules for electronic data transfers between the U.S. and the EU, until it was nullified by a European court for jeopardizing the privacy of European citizens. According to negotiators, the new deal will create a “Privacy Shield” in order to protect European data. Whatever the new agreement might entail, it will affect e-discovery—electronic evidence used in litigation or government investigations—as well as social media and business-related data transfers between the U.S. and the EU.
The European court decision on Safe Harbor’s validity is a result of fundamental differences in the way that Americans and Europeans view privacy. The 1995 EU Data Protection Directive established data protection requirements in the European Union that are far more comprehensive than current laws in the U.S. One of the stipulations of the 1995 law is that citizens’ personal data cannot be transferred to countries lacking sufficient data protection, such as the United States. When the Patriot Act was passed in 2001, the divergence between European and American privacy laws widened even further.
The Safe Harbor framework was considered to be a loophole to the European law. It allowed any individual company with EU privacy certification to transfer data between the U.S. and EU, even though the U.S. as a nation did not comply with the 1995 EU data Protection Directive. Moreover, American companies were only required to self-certify—essentially, a company had only to state that they were abiding by European privacy standards in order to transfer any amount of data.
Max Schrems, an Austrian law student, created an organization called “Europe versus Facebook” (EvF) in order to fight Safe Harbor in court. Although he lost his case before the Irish Data Protection Authority, the European Court of Justice held on October 6, 2015 that “There is no general privacy law or other measures enacted in the U.S. that shows the U.S offers ‘an adequate level of protection’ for personal data relating to European data subjects.”
Some call the new agreement “Safe-Harbor 2.0.” Until more information is provided, it’s impossible to know whether the deal includes real improvements, or just more loopholes.
Article via: Legaltech News, 11 February 2016