By Stephen Gardner
Oct. 29 --U.S. lawmakers
should renew their efforts to adopt privacy legislation that will “rebuild
trust” with the European Union in the wake of revelations about alleged U.S.
spying and access by the U.S. National Security Agency to customer data held by
high-profile online companies, European Commission Justice Commissioner and
Vice-President Viviane Reding said Oct. 29.
Speaking in Washington at a
seminar organized by the Center for Transatlantic Relations, the EU Delegation
to the USA and the Peterson Institute for International Economics, Reding said
U.S. privacy law should include in particular a right of redress for EU
citizens in case of violations of their privacy rights, and failure to address
European concerns about data protection might jeopardize the Transatlantic
Trade and Investment Partnership (TTIP).
Without “a legal provision on
judicial redress for EU citizens, regardless of their residence, in the
forthcoming U.S. privacy act,” the European Parliament “may decide to reject
the TTIP,” because of privacy concerns, Reding said.
spokeswoman Mina Andreeva told Bloomberg BNA Oct. 29that by “the forthcoming
U.S. privacy act,” Reding was referring to the Intelligence Oversight and
Surveillance Reform Act (S. 1551) introduced in
September by Sen. Ron Wyden (D-Ore.), co-sponsored by Sens. Mark Udall
(D-Colo.), Rand Paul (R-Ky.) and Richard Blumenthal (D-Conn.) (12 PVLR 1662,
To restore trust in
the context of the TTIP negotiations, the U.S. “will have to show that they
treat Europe as a real partner,” Reding said. “And that they take European
concerns about privacy and data protection very seriously.”
however, that data protection shouldn't be included in the TTIP negotiations.
“Data protection is not red tape or a tariff,” she said. “It is a fundamental
right and as such it is not negotiable.”
U.S. industry and consumer
protection groups have been divided on whether to include privacy provisions in
the trade agreement (12 PVLR 909, 5/27/13).
Meanwhile in July, the head
of a political group representing nearly 25 percent of the members of the
European Parliament said lawmakers shouldn't ratify TTIP until a framework
agreement on data privacy has been reached with the U.S. (12 PVLR 1330,
reinforce a statement published by EU heads of state and government after a
summit meeting Oct. 25, which noted that there were “deep concerns” in the bloc
over the alleged extent of U.S. intelligence gathering.
Reding said the
U.S. should instead adopt rules that would be equivalent to the EU data
protection regulation, which is under discussion. The European Commission in
January 2012 proposed a single data protection law for the EU to replace the
1995 EU Data Protection Directive (95/46/EC) .
Data flows between the EU
and the U.S. should be able to “rely on solid legal foundations on both sides,”
and “we expect the U.S. to quickly set its side,” Reding said.
Parliament President Martin Schulz Oct. 24 called for suspension of TTIP talks
pending clarification of the extent of alleged U.S. surveillance of EU
governments and institutions (12 PVLR 1817, 10/28/13).
Although other EU
leaders called for a surveillance agreement with the U.S. by the end of 2013,
they said they didn't support suspension of TTIP talks (see related
The U.S.-EU Safe
Harbor Program is inadequate for regulating data transfers, and the EU doesn't
want to “worry about the tide in a 'safe’ or, after all, not so 'safe’ harbor,”
Under the Safe Harbor Program, data transfers from the EU
are permitted on the basis that U.S. companies self-certify their agreement to
abide by the Safe Harbor framework, which includes seven privacy principles
similar to those found in the Data Protection Directive.
been raised by the European Parliament's Civil Liberties, Justice and Home
Affairs Committee (LIBE) that U.S. companies don't abide by Safe Harbor
commitments. LIBE Oct. 21 approved an amended draft Data Protection Regulation
proposed by the European Commission (12 PVLR 1817, 10/28/13).
said Reding was “not convinced that Safe Harbor is so safe after all, because
it is based purely on self regulation, and that is why the commission is
working on an analysis of Safe Harbor which we will present before the end of
the year,” before deciding on what next steps may be needed.
To contact the reporter on this story: Stephen Gardner in Brussels at firstname.lastname@example.org
To contact the editor
responsible for this story: Heather Rothman at email@example.com
Viviane Reding's Oct. 29 prepared speech is available at http://europa.eu/rapid/press-release_SPEECH-13-867_en.htm.
To view additional stories from Privacy & Data Security Law
Resource Center™ register for a free trial now