This morning, the European Commission released its report on the state of the US-EU Safe Harbor, a mechanism that provides for international data transfers, proposing a series of recommendations designed “to restore trust in data flows between the EU and the U.S.” Europeans have long been critical of the Safe Harbor — and America’s free-wheeling attitude toward privacy in general — but the Summer of Snowden provided a perfect pretext to “reconsider” the efficacy of the Safe Harbor.
America’s hodgepodge or “sectoral” approach to privacy has increasingly placed U.S. officials on the defensive, and there’s no question the Safe Harbor can be improved. However, conflating Safe Harbor reform with justified anger about expansive NSA snooping is counterproductive. First and foremost, while public and private data sharing is increasingly intermingled, government access to data is not the same as commercial data use. The Safe Harbor was explicitly designed to protect the commercial privacy interests of EU citizens.
It was not created to address national security issues, and the Safe Harbor specifically provides an exception from its requirements “to the extent necessary to meet national security, public interest, or law enforcement requirements.” As FTC Commissioner Julie Brill has noted, national security exceptions to legal regimes are not unusual. For example, the HIPAA Privacy Rule permits the disclosure of private health information in the interest of national security, and even the EU’s stringent Data Protection Directive includes an exception for state security or defense.
Read More…