Want to self-certify for Safe Harbor? Never mind EU, yes we can
Questions? Talk to our hand, or that lot across the pond
Despite Europe’s highest court ruling it invalid a week ago, the US Department of Commerce is still implementing so-called “Safe Harbor” arrangements, and directing any questions about the whole sorry business to its European cousins.
On its website the department maintains that despite “the current rapidly changing environment, [we] will continue to administer the Safe Harbor program, including processing submissions for self-certification to the Safe Harbor Framework”. In other words: business as usual.
Nor is the department going to answer any questions about why the whole deal has been declared invalid by the European Court of Justice (ECJ), instead passing the buck back to the EU.
“If you have questions, please contact the European Commission, the appropriate European national data protection authority, or legal counsel,” advises the website.
The industry-funded US Council of Better Business Bureaus, whose aim is to act “as a mutually trusted intermediary to resolve disputes between consumers and businesses” has stopped issuing advice about Safe Harbor data protection breaches.
Amid this confusion, the European Commission is still pushing for a re-negotiated framework.
However, speaking in the European Parliament’s civil liberties and justice committee on Monday, German MEP Jan Philipp Albrecht said a “Safe Harbour plus” was not a sufficient response and that a fundamental change was necessary.
“The commission must acknowledge that something in their field of responsibility went wrong and that a quick fix is not the solution. There cannot simply be a 'Safe Harbor plus' in this legal environment. The message to our partners in the US that they must change and deliver on essentially equivalent data protection in their legal system, including for EU citizens. There is no other way,” he said. ®