Negotiating a New Safe Harbor Agreement

The U.S. technology sector received a surprise jolt in October when the European Court of Justice struck down the Safe Harbor Framework, setting off a scramble to accommodate this sudden shift in privacy regulations. The framework was established in 2000 to provide guidance on how companies could transfer customer information between the EU and the U.S., while maintaining the customer’s right to privacy. The idea was that U.S. businesses were Safe Harbor compliant as long as they kept data belonging to EU citizens as secure as it would be in Europe, enabling them to store that data outside of the EU.

Ultimately, the person responsible for starting the chain of events that resulted in the end of Safe Harbor is Edward Snowden, the former National Security Agency (NSA) contractor who leaked classified documents exposing the NSA’s mass surveillance activities.  The EU responded very negatively to the Snowden revelations in general, but the specifics of the NSA’s PRISM program in particular form the core of the legal argument against Safe Harbor. The European Court of Justice decided that the NSA’s ability to access customer data en masse and at will from Internet companies meant that European citizen’s data was not adequately protected in the United States. Privacy is held as a fundamental right under Article 8 of the European Convention for the Protection of Human Rights. As a result of the European court ruling, transfers of customer data between the EU and the U.S. will need to stop, but private companies have been given several months to find alternate arrangements before any punitive measures go into effect.