Safe Harbour 2.0 must serve dual goals of innovation and data protection

07 October – On Wednesday the Court of Justice of the European Union (ECJ) declared the EU-US Safe Harbour data transfer agreement to be invalid. In delivering its judgement, the Court ruled that the EU Commission does not have the competence to limit the powers of the national data protection supervisory authorities through the agreement.

As an initial reaction to the judgement, EuroISPA wishes to note that commercial data flows are central to facilitating transatlantic trade and such flows provide significant economic benefits to the EU economy. European Small and Medium-sized Enterprises have especially benefited from the certainty and practicality of Safe Harbour. Indeed, with SMEs constituting 60% of Safe Harbour participants we fear that they will be hardest hit by any moves that hinder international data flows and fragment regulation along national lines. On that basis, it is essential that policymakers work to develop new guidelines that allow companies to transfer data across the Atlantic legally and securely.

For many years EuroISPA has been working to realise a legislative landscape that encourages innovation while safeguarding privacy and data protection. We thus urge EU and US negotiators to develop a new and improved Safe Harbour 2.0 that incorporates the concerns of the Court and that European users can have confidence in. The development of the Internet has empowered both digital innovation and citizens’ fundamental rights. It is essential that Safe Harbour 2.0 serves to further these two basic considerations.

Ultimately, this ECJ judgment has far-reaching consequences for the Internet industry and has created considerable legal uncertainty for many companies. We implore the European Commission, the US, the European Data Protection Supervisor and national data protection regulators to now develop, as quickly as possible, a new regime which maintains a high standard of data protection and at the same time creates a practical and innovation-friendly solution for companies. In the meantime, it is important to officially recognise the need for sufficient transition period allowing all parties to assess and adapt to the post-judgement environment.