German DPA Says It May Not Comply With New US-EU Safe Harbor Agreement
A conservative German data protection authority (DPA) issued a position paper, in German, on the European Court of Justice’s safe harbor ruling (see 1510060001), saying it disagrees with the European Commission’s opinion that alternative data transfer mechanisms may be used…
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
in place of safe harbor, a Hunton & Williams blog post said Wednesday. The paper says that a long-term solution would require a significant change in U.S. law and that mechanisms like consent and EU standard contractual clauses must be evaluated in a new way, the post said. “It is unknown whether other German DPAs will concur with the Position Paper,” it said. The post also noted the paper “does not invalidate any prior adequacy decisions made by the [European] Commission.” However, the paper says the DPA is “considering using the power granted to it by Article 4 of Commission decision 201/87/EU of February 5, 2010 to 'prohibit or suspend data flows to third countries in order to protect individuals with regard to the processing of their personal data,' if the data importer is not able to comply with EU data protection law, or if the requirements of Article 13 of the EU Data Protection Directive 95/46/EC are not satisfied.” In the decision, each EU country is granted the right to review these privacy agreements, which is new, said Perkins Cole attorney Janis Kestenbaum, former adviser to FTC Chairwoman Edith Ramirez, during the Computers, Freedom and Privacy 2015 conference Wednesday. Even if the U.S. and EU can agree on a new safe harbor deal, any individual country could say the agreement isn’t good enough, Kestenbaum said. It should be noted that the court’s decision didn’t say there was any wrongful activity done by U.S. companies or by the U.S. government, said attorney Alan Raul, founder of Sidley Austin's Privacy, Data Security and Information Law practice. What the opinion says is that the EC didn’t adequately assess the adequacy of the U.S. government surveillance system, Raul said. Passage of legislation reforming the Electronic Communications Privacy Act and the Judicial Redress Act are crucial to a new safe harbor agreement, but may not be enough, said TechFreedom President Berin Szoka. Raul and Szoka said the Europeans don’t understand the U.S. privacy and data protection system or how active the FTC is in this arena. Kestenbaum said the EC likely is less concerned than the courts are and said it’s the EC that will be at the table negotiating for a new deal.