While the United States’ developing conception of privacy and ownership of personal data centers around the notion of free markets and consumer protection, the European Union has long established a stringent conception of data privacy both as a human right and fundamental freedom requiring broad regulation. The differences in each government’s approach initially came to a head in 1998, when the European Commission published a Directive on Data Protection. The Directive would have prohibited the transfer of personal data from Europe Union countries to the United States (and other non-European Union countries) should the U.S. fail to meet the EU’s “adequacy standard for privacy protection.” To prevent the Directive from creating such an effect, the United States Department of Commerce worked with the European Commission to create a “Safe Harbor” agreement. United States companies complying with the Safe Harbor framework were deemed to “provide ‘adequate’ privacy protections” under E.U. standards.
Last week, however, the European Court of Justice issued an opinion invalidating the Commission’s safe harbor framework with the United States. The underlying case involved, Max Schrems, a Santa Clara University Law student from Ireland. Schrems filed a complaint with the Irish Data Protection Commissioner arguing that Facebook was not adequately protecting his personal data. Schrems concerns about the adequacy of his personal data protection stemmed from the National Security Agency’s Prism program, revealed by Edward Snowden, which allowed the federal agency access to European private data held by United States companies. The Court of Justice held that the Data Commission’s determination that a third country provides adequate protection of personal data transferred to that third country from the E.U. “cannot eliminate or even reduce the powers available to the national supervisory authorities under the Charter of Fundamental Rights of the European Union and the directive.”
Could this decision change the way the United States views privacy rights? Most likely not. The Department of Commerce has stated it “will continue to administer the Safe Harbor program, including processing submissions for self-certification to the Safe Harbor Framework.” Commerce Secretary Penny Pritzker issued the following statement: “We are deeply disappointed in today’s decision from the European Court of Justice, which creates significant uncertainty for both U.S. and EU companies and consumers, and puts at risk the thriving transatlantic digital economy.” The most pressing impact this decision will likely have is on the current negotiations to update the Safe Harbor framework. Ultimately, American companies have no choice but to operate in the European Union, and the European Union may now have the authority it needs to push back against American might.
———————————————————————————————————————————-
Hilary Soloff is an editor on the Michigan Telecommunications and Technology Law Review, and a member of the University Michigan Law School class of 2016.