It is well known in the world of privacy that the European Union has a very different view of privacy than the United States. Because of the differing views and in an effort to bolster trade between Europe and the United States an agreement was reached in 1998 known as the Safe Harbor. This agreement allows certain companies to self identify and certify that their privacy policies comply with the European Union’s Directive of Data Protection.
However, in January of 2012 the European Commission started a comprehensive reform of data protection rules for the European Union. Which gives a great deal of comprehensive rights to citizens of European nations, to be enforceable throughout the European Union, and allowing for individual redress which does not end at the boarder of each individual country. The privacy protection rules also apply to the transmission of data from a place within the European Union to a third party country (allowing transmission only to countries the sufficiently protect the rights of European citizens). While consistency within the European Union has been achieved, the deviation between what the European Union has considered a privacy rights and what is readily enforceable within the United States boarders may be a different story.
On September 23rd the European Court of Justice’s Advocate General Yves Bot stated in a non-binding advisory opinion that the Safe Harbor does not adequately protect European citizen’s privacy. In his opinion he states that the Commission acknowledges that there is, “no guarantee that the right of citizens of the Union to protection of their data will be ensured. However, in the Commission’s submission, that finding is not such as to render that (Safe Harbor)decision invalid.” Moreover, Bot stated that he did not share the Commission’s views; urging, “[i]n the meantime, it must be possible for transfers of personal data to the United States to be suspended at the initiative of the national supervisory authorities or following complaints lodged with them.”
Furthermore, Bot concluded that even if the Commission finds that the protections offered by the United States are sufficient it “cannot eliminate or even reduce the national supervisory authorities’ powers under the directive on the processing of personal data.”
“If a national supervisory authority considers that a transfer of data undermines the protection of citizens of the EU as regards the processing of their data, it has the power to suspend that transfer, irrespective of the general assessment made by the Commission in its decision.”
Thus, if the European Court of Justice views Bot’s opinion to be accurate and the Commission for the European Union adopts their current stance that the Safe Harbor is valid, then even with a validated Safe Harbor decision each countries national supervisory authority has the power to decline data transfers.
Critics of the opinion appear shocked by Bot’s opinion, stating that he is basing his work on old law and that there is misunderstanding of legal context.
Yet, at the very core of the Safe Harbor debate is the clashing of the fundamental philosophies by which the United States and the European Union view the right to privacy. The current debate, which Bot echoes in his opinion, has been in the adoption of the whether transmission of data for law enforcement purposes will be allowed and to what extent. While Bot’s opinion as Advocate General may only be advisory in nature it is rare that it is not adhered to, which may or may not influence the Safe Harbor negotiations. In any case one thing remains certain, trade between Europe and the United States must continue, thus a binding Safe Harbor must exist to give Businesses in both the United States and Europe a chance to compete and thrive globally.