Revisiting the Safe Harbour – Promoting Trade and Trust in the Digital Economy

November 25, 2015 by admin

Yesterday, ICOMP held a seminar titled, Revisiting the Safe Harbour – Promoting Trade and Trust in the Digital Economy. Comprising a panel of experts including Auke Haagsma, ICOMP Director; Jonathan Bamford, Head of Strategic Liaison, UK Information Commissioner’s Office; Dan Cooper, Covington & Burling LLP; Dr Ian Walden, Professor of Information and Communications Law, Queen Mary, University of London; and Dr Chris Francis, Government Relations Director, SAP, the seminar dealt with the key questions surrounding the recent ruling by the European Court of Justice on Safe Harbour.

Opening the debate, the Chair of the discussion, Auke Haagsma, spoke of the work ICOMP has done over the years on data protection, both to help its members understand the issues and assist regulators and legislators in better understanding how rules impact the various realities. This event, he said, has to be seen in this way and will help our members in assessing the implications of the Schrems Decision and what it means for privacy and online commerce.

Responding to comments of increased uncertainty following the decision, Jonathan Bamford said that the ICO understands the impact created by the Court’s decision but advised organisations not to panic or rush to “less than ideal mechanisms.” According to Bamford, the ICO will not be sending out enforcement notices en masse but will look at complaints on an individual basis and will continue to work closely with other Data Protection Authorities.

Speaking of the initial reaction to the European Court of Justice ruling, Dan Cooper said the decision was met with “surprise and shock” by many companies. In particular, Cooper highlighted the various aspects in which levels of uncertainty have taken effect. The enforcement of the ruling, for example, is just one element which is lacking in clarity, according to Cooper. The solution, he said, needs to work for both sides as this is “not just a US issue.” Safe Harbour provides a bridge for US companies to learn about European privacy norms and how they differ from their own, Cooper concluded.

Dr Ian Walden claimed the decision represents a call for a new legal framework for law enforcement's access to data, adding that network providers need greater certainty on data transfer. He, along with Cooper, was sceptical of the arguments put forward as part of the Schrems decision. Walden stated, “The Judge thinks that ‘National Security’ is defined with sufficient precision…. Since when has ‘National Security’ had clear and definable boundaries?”

Giving his perspectives on where we currently stand, Dr Chris Francis said that the Court’s decision means changes will occur and expressed relief that DPAs were not rushing to use enforcement actions. Francis also added that many companies which are not harvesting consumer data have been caught up in the crossfire, following the Court’s decision. He stated, “It’s worth bearing in mind for many organisations in the B2B space and less data-driven organisations in more physical markets, there are compliance issues that are incidental to business.”

During a lively question and answer session with the audience, the panel mused on whether a Safe Harbour 2.0 would provide the lasting stability that is currently desired. There was agreement that the ECJ decision may make such certainty very hard to achieve. However, the panel also highlighted the need for the EU and the US to provide an effective framework to allow for transatlantic data transfers. This will allow for the continued facilitation of innovative business solutions, while at the same time protecting users’ privacy and allowing for legitimate access to data for law enforcement and security purposes.

The panel also agreed that the setting up of localised data centres was only a semi-fix as questions remain on who owns the data and who can access it. This is because the location of the data does not prevent the data controller receiving requests to hand over certain data from national agencies in other jurisdictions.

As varied as the views of the panel were, the speakers agreed on the need for the debate to centre on achieving legal certainty and stability. Only through this approach will providers and consumers on both sides of the Atlantic feel comfortable in the way they collect, manage, and use consumer data.