FTC’s Brill Responds to Recent Calls in Europe to Reassess Safe Harbor Program
FTC Commissioner Julie Brill defended the safe-harbor program Tuesday at a European Institute event. Some members of the European Parliament have been suspicious of the program -- which allows U.S. companies to self-certify they're complying with EU data privacy directives -- since revelations this year about various U.S. surveillance programs. “No doubt,” the disclosures have “severely tested the close friendship between the U.S. and many of our European colleagues,” Brill said. In the past month, European Parliament members have called for the cancellation, or at least reassessment, of the safe-harbor arrangement. “We have different interpretations” of the legal standards for access to data, said European Parliament Member Jan Philipp Albrecht at Tuesday’s event in Washington. “It’s a huge problem,” he said. “We need to agree on a common basis of protection."
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
The safe-harbor program “provides more, not less, privacy protection,” Brill said. Eliminating the “ties that bind” will just continue to erode trust and stanch the “free flow of data and strong consumer data protections,” she said. The safe-harbor program was designed to protect consumers, not tackle national security issues, and the FTC has been the vigilant “cop on the beat,” Brill said. Since 2009, she said, the FTC has brought 10 safe-harbor cases and opened many other investigations. The investigations have uncovered safe-harbor violations at Google, Facebook and MySpace, Brill said, resulting in multimillion-dollar fines and agreements that keep these companies accountable with ongoing privacy audits for 20 years.
FTC safe-harbor investigations often include European citizens, Brill said. Sometimes the investigations even stem from European referrals, she said. “Without the safe harbor, my job to protect European consumer privacy, where appropriate, would be much harder.” Data sharing with Europe is necessary to conduct many FTC investigations, she said. “Safe harbor has been an effective solution, not the problem.” Brill acknowledged many in the room “might have taken a different thought” from the program since the surveillance revelations.
"It’s not about the opportunity of having our adequate safeguards enforced by the FTC,” said Albrecht, the rapporteur for the EU Regulation on Data Protection. “That’s what we really appreciate. It’s about the legal environment and the legal standards on which we talk about this.” There’s a fundamental difference in how the EU and U.S. look at those legal standards, he said. In Europe, “data protection is a human right, whereas in the U.S. it only applies for U.S. citizens and residents,” Albrecht said. “We cannot agree as Europeans that the protection that we have transatlantically falls behind the protection of our human right court."
Those differences shouldn’t lead to a complete safe-harbor dismissal, Brill said. “Do I think it’s perfect? Of course not,” she said. “But I don’t think the fundamental framework … should be renegotiated.” (cbennett@warren-news.com)