ITIF Welcomes Updated Safe Harbor Agreement, Urges Further Cooperation Between US and Europe

February 2, 2016

WASHINGTON—The Information Technology and Innovation Foundation (ITIF) today released a statement from ITIF Vice President Daniel Castro on the completion of an updated U.S.-EU Safe Harbor Framework to enable transatlantic data transfers:

We commend U.S. and European negotiators for completing an agreement that avoids disrupting the transatlantic digital economy in the near term by ensuring continuity for the thousands of U.S. and European companies providing services across the two markets. Free flow of data across borders is essential to global trade and commerce, and this renewed agreement marks an important step forward for U.S.-EU cooperation.

In the wake of the Snowden disclosures, European citizens and policymakers are understandably concerned about privacy safeguards in U.S. law. But abruptly revoking the Safe Harbor agreement was the wrong way to address those concerns. We are pleased that U.S. and European policymakers have resolved this issue and support the free flow of data between these two markets. We hope the new agreement signifies a line of thinking that will shape future EU policy decisions as well.

Going forward, the United States and EU should make a number of much-needed privacy reforms to continue rebuilding trust and cooperation and ensure the world’s most critical economic relationship continues to endure in the digital age. In the United States, this includes further surveillance reform and passing the Judicial Redress Act. In Europe, this means rejecting protectionist measures, such as a European Cloud, and fully embracing the spirit of a digital single market, not just in Europe, but globally. 

Both countries should also come together to work more closely on important issues such as promoting strong encryption and improving cyber security. And ultimately, the European Commission should reformulate its data protection regulations to replace the “adequacy” standard with a “duty-of-care” provision that requires companies doing business in Europe to be responsible for the actions of their agents and business partners, regardless of where they are located.