US and EU Should Come Together on Privacy Protections to Avoid Disrupting Digital Trade

WASHINGTON—Daniel Castro, vice president of the Information Technology and Innovation Foundation (ITIF), released the following statement ahead of the impending European Court of Justice decision on the U.S.-EU Safe Harbor Framework:

In the digital economy, the free flow of data across borders is essential to global trade and commerce. But a prerequisite to moving data between countries is a legal framework that allows information to be protected after it is transferred.

The Safe Harbor agreement has been the cornerstone of the transatlantic digital economy since before global companies like Facebook were founded. But in the wake of the Snowden disclosures, European citizens and policymakers are understandably concerned about privacy safeguards in U.S. law. European policymakers want to be sure the Safe Harbor provides their citizens the same level of privacy protections afforded to them domestically. Completely revoking the Safe Harbor agreement—which is used by more than 3,000 companies in the United States and EU—is not the answer and would wreak havoc on global digital commerce.

Instead of nullifying the Safe Harbor, policymakers in the United States and EU should work together to make a number of much-needed privacy reforms. Most urgently, now that the United States and Europe have settled the Umbrella Agreement for exchanging data related to criminal activities, policymakers should also finish the process of updating the Safe Harbor agreement with terms that give comfort to all parties. In particular, the updated agreement should reflect the EU request that a national security exception is used only to the extent that it is strictly necessary and proportionate for a given incident.

While the USA Freedom Act was an important step forward in reforming U.S. surveillance practices, it was only the first in a series of steps lawmakers should take to restore confidence in U.S. technology providers by clarifying the privacy safeguards in U.S. law enforcement and national security policies and practices. To address European concerns about the privacy of their citizens’ data, Congress should pass the Judicial Redress Act to allow non-U.S. citizens to bring civil actions against the United States for violating the Privacy Act. U.S. policymakers also should move forward on reforming the Foreign Intelligence Surveillance Act.

Europe also has to make reforms, including fully embracing the digital single market. Individual countries should not be able to set their own digital policies, including for privacy, or overrule the EU Commission, as doing so would fragment the digital economy. The EU digital single market cannot be about “Fortress Europe.” It needs to be the first step toward a transatlantic digital single market.

If the United States and Europe do not come together to resolve these issues, both parties will suffer greatly. If EU data cannot be stored or processed in the United States, it damages European users of technology, both businesses and consumers. Everyone benefits from finding a workable solution that avoids undermining the transatlantic digital economy.