The United States and many nations in the European Union take different approaches to issues of privacy. Much of this has historical and cultural roots and reflects differing views of the nature of governmental power. One example of this is the European “right to be forgotten.” Previously, issues with U.S. anti-terrorism laws regarding the exchange of airline passenger data following the 9-11 attacks caused friction between the US and EU. A final agreement was reached on passenger name record data in 2007.
The Snowden related revelations in 2013 again caused considerable friction between the U.S. and Europe on data sharing.
In September 2015, the EU and the U.S. reached an Umbrella Agreement on sharing data in criminal cases including terrorism cases. The agreement establishes limits on the use of the data, transfer to third parties, how long data may be retained, and a process to see and challenge the data. The U.S. has to pass legislation to allow E.U. citizens to use U.S. courts to exercise this right of redress.
A third agreement, the 2000 EU-US Safe Harbor decision by the European Commission on corporate data remains a sticking point and is of great importance to US tech firms such as Google and Facebook. Facebook stores information on both U.S. and European servers for European users. A recent decision by the European Court of Justice in the case Maximillian Schrems v. Data Protection Commissioner held that in light of the Snowden revelations U.S. data protection laws were insufficient and thereby the Safe Harbor agreement is invalid. The decision affects approximately 4400 companies. It will likely prove to highly disruptive to businesses as the court decision did not allow for a period to establish a new agreement or provide guidance to companies that are conduction the millions of data transfers daily in the normal course of business.
This is yet another example of technology out pacing policy. While data may move easily across borders, the sovereignty issues of international law dating to the 1600’s still apply.
ECJ Rules EU-US Safe Harbor Programme Is Invalid. (n.d.). Retrieved October 8, 2015, from http://www.natlawreview.com/article/ecj-rules-eu-us-safe-harbor-programme-invalid
EPIC – EU-US Airline Passenger Data Disclosure. (n.d.). Retrieved October 8, 2015, from https://epic.org/privacy/intl/passenger_data.html#background
Nakashima, E. (2015, October 6). Top E.U. court strikes down major data-sharing pact between U.S. and Europe. The Washington Post. Retrieved from https://www.washingtonpost.com/world/national-security/eu-court-strikes-down-safe-harbor-data-transfer-deal-over-privacy-concerns/2015/10/06/2da2d9f6-6c2a-11e5-b31c-d80d62b53e28_story.html
Pylas | AP, P. (2015, October 6). European data sharing pact with US ruled invalid. The Washington Post. Retrieved from http://www.washingtonpost.com/business/technology/top-eu-court-rules-data-sharing-pact-with-us-invalid/2015/10/06/a8219d06-6c1c-11e5-91eb-27ad15c2b723_story.html