What Congress can do to maintain trans-Atlantic data flow
Lawmakers may need to pursue comprehensive surveillance reform to keep the EU participating in the data flow pacts that have become crucial to the economy.
A recent European Union court ruling rewrote the rules governing the trans-Atlantic movement of 15TB of data per second. Trillions of dollars in trade are potentially in jeopardy, said U.S. Chamber of Commerce global regulation head Adam Schlosser.
The European Court of Justice ruling struck down the longstanding "Safe Harbor" international agreement that had governed data transfers between the U.S. and the European Union since 2000. The ruling means that companies that can't afford separate European infrastructure for data storage could potentially run afoul of EU standards when moving personal customer data back and forth between the U.S. and Europe.
What's Congress to do?
Passing the Judicial Redress Act, would be a start, several panelists said at a panel discussion convened by the Chamber's Center for Global Regulatory Cooperation International. But even that legislation, aimed at giving some protection to foreign nationals under the Privacy Act of 1974, would be subject to U.S. authorities.
Digital freedom group Access' Amie Stepanovich warned that in the Senate, the legislation was being proposed as an amendment to the controversial Cybersecurity Information Sharing Act. Stepanovich said the pairing tied "one small step forward" with "a huge step backward" on digital privacy rights.
Four key lawmakers sent a letter to Commerce Secretary Penny Pritzker and Federal Trade Commission head Edith Ramirez urging regulators to update the Safe Harbor agreement. Stepanovich warned that a regulatory agreement" may be the wrong path to take."
She called, instead, for Congress to seriously reevaluate the scope of the American government's surveillance powers.
"At its heart, this is a surveillance decision," she said of the ECJ decision, which is widely seen as a consequence of the revelations of far-reaching Internet and telephone surveillance conducted by the National Security Agency.
Commercial data practices are relevant to the discussion, panelists noted, but what Uncle Sam does will have the biggest impact. Of course, the work to be done doesn't all lie on the American side.
"People in glass houses shouldn't throw stones," said Abigail Slater, VP, Legal and Regulatory Policy at the Internet Association. She noted that the European decision didn't compare U.S. surveillance practices of European nations, many of which she suspected were as far-reaching as those of the United States. And the court also didn't analyze legal changes since the 2013 revelations, which Slater said may paint a more favorable picture of how the U.S. handles foreigners' data.
Damien Levie, head of the Delegation of the European Union to the United States' trade section, offered words of comfort.
"We are reading too much into the judgment," he noted. The European court was "only answering a question from the [Irish] High Court," he noted, saying that the full impact of Safe Harbor's demise – and the future of the trans-Atlantic data flow – remains to be seen.