In a letter last week, the U.S. Chamber of Commerce and BusinessEurope, an advocate for enterprises in 34 European countries whose national business federations are its direct members, called on senior leaders “to expeditiously reach agreement on a strengthened Safe Harbor framework.”
The letter expressed deep concern about the impact of the European Court of Justice’s (“ECJ”) landmark opinion last month, overturning the European Commission's (“EC”) 15-year old decision that the privacy principles of the former U.S.-EU Safe Harbor Accord provide an adequate level of protection of the personal data of EU citizens.
Noting that the Safe Harbor “is a key instrument for companies of every size and sector” seeking to transfer data from Europe to the United States, the letter highlighted the “great uncertainty” businesses currently face and the likelihood that end users may face a disruption in goods and services.
To address international data transfer issues, the Chamber of Commerce and BusinessEurope urgently called for five next steps:
- Timely conclusion of U.S.-EU negotiations on a revised Safe Harbor in order to restore mutual confidence in the digital world.
- Issuance of joint guidance from the European Commission and Art. 29 Working Party on how organizations should move forward and address the current legal uncertainty.
- Guarantees of consistent treatment by national Data Protection Authorities (“DPAs”) of international data transfers, in order to prevent disruptions in the EU digital market. The letter expressed concern that by issuing individual, inconsistent guidance – as some have already done – national DPAs will create an unmanageable, fragmented process.
- An adequate transition period of at least six months prior to enforcement of the ECJ ruling in order to permit companies to begin implementing alternative data transfer methods. The letter further clarifies that this six-month (or preferably longer) clock should not begin to run until EU DPAs agree on adequacy mechanisms.
- Inclusion of sound and predictable transfer mechanisms that avoid fragmentation in the proposed EU General Data Protection Regulation (“GDPR”). The letter asks negotiators of the GDPR to provide rules that will be equally and directly applicable throughout all Member States, avoiding delegated acts or specific decisions of national DPAs and providing a tool to achieve harmonization.
U.S. officials who received the letter included Commerce Secretary Penny Pritzker, Federal Trade Commission (“FTC”) Chairwoman Edith Ramirez, FTC Commissioner Julie Brill and National Security Advisor Caroline Atkinson. The letter was also sent to key European leaders, including the Chair of the Article 29 Working Party, Isabelle Falque-Pierrotin, and Commissioner for Justice Věra Jourová.
As the dialogue and Safe Harbor negotiations continue, we once again recommend Paul Hastings’ recent presentation, outlining ten options to consider in the wake of the ECJ’s decision, and promise to provide further updates.