Privacy & Information Security Law Blog

On July 18-19, 2013, the European Union Justice and Home Affairs Council held an informal meeting in Vilnius, Lithuania, where Viviane Reding, Vice-President of the European Commission and Commissioner for Justice, Fundamental Rights and Citizenship, openly criticized the U.S.-EU Safe Harbor Framework.

The U.S.-EU Safe Harbor Framework was developed in 2000 by the U.S. Department of Commerce and the European Commission to provide adequate protection to personal data originating from the EU when the data are transferred to U.S. companies certified under the Safe Harbor Framework.

At the Council meeting, Commissioner Reding expressed the view that “the Safe Harbor agreement may not be so safe after all.” According to Reding, it could be considered to be a “ loophole” for international data transfers since it allows data transfers from the EU to U.S. companies despite the fact that U.S. data protection standards are lower than European standards. Commissioner Reding further announced that the European Commission currently is working on an assessment of the Safe Harbor Framework, and the results will be made public before the end of the year.

In addition, the European Commission stated that public authorities outside the EU violate public international law if they obtain access to the data of EU citizens directly from private sector companies that maintain the data. According to the European Commission, such authorities should make use of a legal framework that involves judicial control if they seek to access data from EU citizens who are located outside their jurisdiction.