Is safe harbour just a distraction from more pressing issues?
The proposed EU data protection regulation and TTIP agreement will have a longer-term impact on data privacy, writes Matthew Rogers
With the invalidity of the EU-US safe harbour agreement confirmed by the Court of Justice of the European Union (CJEU), international companies may be fretting over the ramifications of transferring data across the Atlantic.
As firms scramble to find new ways to process and store user data or make use of other methods, such as data subject consent, standard form contracts, and self-assessment, national data protection authorities are in ongoing discussions to ensure EU citizens' data is sufficiently protected.
But is safe harbour merely a diversion for European lawmakers?
Solicitor and managing director of Digital Law UK, Peter Wright, believes there are far more important matters - such as the General Data Protection Regulation (GDPR) and the Transatlantic Trade and Investment Partnership (TTIP) - that need to be considered, rather than the court's headline-making judgment.
'Safe harbour is a little bit of a distraction from the more pressing issues that we have to look at in the next few years. At the moment we have the potential EU data protection regulation which will cover the whole EU. That's been in draft form since 2012 and it's likely to come into force within the next two years.
'The data protection regulations will also be affected by the potential US-EU free trade area, TTIP. Part of the issues there are the storage and transmission of data within the free-trade area.'
As Wright observes, safe harbour was never intended as a long-term measure and only served as a quick means of allowing US technology giants to trade with the EU and other countries.
'There is no data protection law in the US, which is why there was this fudge of safe harbour that allowed for it, and all the tech industries there, to trade with the EU and the rest of the world. They dreamed up safe harbour but it has only ever been a sticking plaster. It's not been an effective long-term solution.'
Wright opines, however, that it is arguable whether the EU's data protection regulations and TTIP will become a long-lasting solution to the problem.
'It's a couple of very big "ifs". They will end up creating the regulatory environment that we'll be working under in the medium to long-term. That will have far more impact than what comes out as a result of the Schrems decision, which will probably form part of those regulations.'
Similarities can be drawn between the Schrems case and the Google Spain case, which centred on the 'right to be forgotten' ruling from 2014.
'In the same way as the "right to be forgotten"; that was one of the concepts held within the draft regulation, but it was almost like the European court jumped in and made it an issue ahead of the regulations bringing it in anyway. It's an indicator in the way that Europe is moving in terms of its general information governance.'
While the safe harbour saga has rightly received the press coverage it required, trialogue discussions between the European Parliament, Council of Ministers, and European Commission will continue so as to finalise the wording of the new data protection regulation. Only time will tell how far-reaching and significant the impact will be.
Matthew Rogers is an editorial assistant at Solicitors Journal
@sportslawmatt | matthew.rogers@solicitorsjournal.co.uk