Tech & Rights

Instead of Safe Harbor 2.0, NGOs Propose Privacy Reforms

The EU and US are attempting to negotiate a revised Safe Harbor agreement, but civil society groups are skeptical that it will be sufficient.

by LibertiesEU
Leading human rights and consumer organizations have issued a letter to urge the US and the EU to protect the fundamental right to privacy.

EU Commissioner for Justice, Consumers and Gender Equality Věra Jourová recently travelled to Washington, D.C., to discuss the possibilities to replace the invalidated Safe Harbor data transfer framework. In addition to negotiating with American officials - Secretary of Commerce Penny Pritzker in particular - Commissioner Jourová also took the time to meet with US civil society organizations on November 13, 2015.

Protections must stay

On that occasion, the groups warned that without significant changes to domestic law and international commitments by the United States, a 'Safe Harbor 2.0' would almost certainly fail. The NGOs recommended 13 proposals for the EU and the US (six for the EU, six for the US, and one for both) that are necessary after the judgment.

The paper argued that it is critical to conclude the General Data Protection Reform by the end of 2015, and the EU must keep or increase the level of protection for privacy and data protection. The EU should follow the opinion of the Article 29 Working Party and ensure that “no portion of the GDPR lessens protections or reduces the rights of individuals within the EU” and that “harmonization of a high level of protection remains the goal.” In the meantime, EPIC supports the European approach that “the objective of protecting personal data should be achieved without limiting innovation.”

Judicial redress for all

Among other requirements, the NGO leaders have called for a comprehensive privacy framework in the US, which includes the establishment of an independent privacy agency and the modernization of the Privacy Act of 1974 to provide meaningful judicial redress to all person (including non-US persons!) whose data is stored by a US federal agency.

Additionally, the EU and the US should stand up for strong encryption and reject any law or policy that would undermine the security of consumers and Internet users. Both parties should end the mass surveillance of people and the EU must ensure that fundamental human rights such as privacy are respected in the face of political urgency for more intrusive surveillance laws and practices to generate false assumption of higher level of safety and security.

13 proposals

Finally, the organizations propose that the EU and the US should commit to an annual summit with the full participation of civil society organizations to assess progress towards these goals.

Commissioner Jourova welcomed the comments of the civil society organizations. The signatories included the following partners of Liberties.eu: Belgian League of Human Rights, Bulgarian Helsinki Committee, Centre for Peace Studies (Croatia), Hungarian Civil Liberties Union, Italian Coalition for Civil Liberties, and Liberty (UK).

Speaking at the Brooking Institute on November 18, shortly after the attacks in Paris, Commissioner Jourova stated, “These brutal attacks were an attack against our freedoms, our way of life, and our values of tolerance and peaceful coexistence. It is precisely these values that we will defend. We shall not be guided by fear and we must not let the attackers disrupt our lives. Instead we shall be resolute in our response to terrorism and hatred.”

The 13 proposals for the EU and the US that we believe are necessary after the judgment:

  • The EU should enact an effective General Data Protection Regulation before the end of this year.
  • The EU should enact a revised Directive on Data Protection in the context of law enforcement that provides greater accountability and transparency for police agencies and greater rights for individuals.
  • The EU should end mass surveillance by member states.
  • The EU should suspend the Swift Agreement and the PNR Agreement and pursue a Digital Bill of Rights as recommended by the European Parliament Committee on Civil Liberties, Justice, and Home Affairs.
  • The EU should enforce the data retention ruling of the CJEU in Digital Rights Ireland and prevent member states from adopting laws that violate the fundamental rights to privacy and data protection.
  • The EU should ensure effective enforcement of its data protection laws towards companies established in the US that are targeting users in Europe.
  • The US should enact a comprehensive legal framework for data protection based on the Consumer Privacy Bill of Rights with appropriate regulatory and enforcement powers.
  • The US should establish an independent data protection agency.
  • The US should end the mass surveillance of non-US persons under Section 702 of the Patriot Act.
  • The US should update the Privacy Act of 1974 to provide meaningful judicial redress to all person whose data is stored by a US federal agency.
  • The US should ratify Council of Europe Convention 108, the Privacy Convention.
  • The US should stand up for strong encryption and reject any law or policy that would undermine the security of consumers and Internet users.
  • The EU and the US should commit to annual summit with the full participation of civil society organizations to assess progress toward these goals.

By Fanny Hidvegi (@infofannny), Electronic Privacy Information Center

Liberties Report

Health of Our Democracies Compromised by Many EU Leaders During 2020

See 6 trend reports & 14 country reports