How Ending the Safe Harbor Law Threatens U.S. Businesses

Half of the world’s digital data is shared between the U.S. and Europe, but a decision expected Tuesday from a European high court could slow traffic between the two to a crawl, disrupting the U.S. government and businesses around the world.

The European Court of Justice is on the verge of rejecting the 2000 Safe Harbor law, a business agreement that expedites the transfer of digital data between companies and international networks. Ending this deal would spell delays for not only social media sites and search engines, but potentially banks, telecoms, marketing firms and other companies that rely on large amounts of digital traffic for communications or research.

More than 3,000 businesses in Europe and the U.S. depend on the agreement, according to the Information Technology & Innovation Foundation think tank.

A ruling against the Safe Harbor agreement would also weaken the enforcement influence of the U.S. Justice Department, which has sought jurisdiction over data from American companies like Microsoft that is stored other countries like Ireland,

says Justin Harvey, chief security officer with Fidelis Cybersecurity.

“I fear this could create a substantial loophole for a user or company’s data, fueling a movement to ‘offshore’ sensitive data that someone wants to hide from U.S. government scrutiny,” he says.

The EU court will rule Tuesday on a case stemming from concerns about international spying by the National Security Agency following disclosures to the press by former agency contractor Edward Snowden. Austrian privacy advocate Max Schrems claimed in a lawsuit against Facebook that his data protection rights were violated by that dragnet surveillance, and filed the case in Ireland where the social media company’s Europe headquarters in located. The Irish court rejected it, citing the Safe Harbor law as a protection for Facebook, but the EU high court is poised to rule against that agreement as part of Schrems’ appeal.

#Schrems ruling date confirmed: 6th October at 9:30 #SafeHarbor

— EU Court of Justice (@EUCourtPress) September 29, 2015

The Safe Harbor law affects half of the world’s digital data, the Irish Minister of State for Data Protection Dara Murphy told Irish Times. Despite the stakes, a non-binding opinion published recently by European Court of Justice Advocate General Yves Bot recommended a ruling that Safe Harbor was “invalid” and in violation of EU data privacy laws.

Harvey predicts the court decision will lead to a rejection of the data sharing agreement, which would then require companies to gain approval for data transfers with networks in individual countries and leave “many, many U.S. and European businesses flat-footed.”

“There is certainly a growing international distrust of anything U.S. government related because of the liberties the U.S. has taken in relation to spying without consent,” Harvey says of the concerns driving the case.

Whatever the court decides, the Obama administration will continue coordinating with European authorities “to protect privacy while providing certainty for businesses,” U.S. Commerce Secretary Penny Pritzker tells U.S. News.

“We have been engaged for nearly two years with the European Commission to improve and strengthen the Safe Harbor Framework, and look forward to moving ahead, as soon as possible, past any potential Court decision challenges,” she says. “It is critical we keep data flowing and business functioning between the U.S. and EU.”

U.S. Internet companies have feared increasing scrutiny from Europe since the NSA revelations came to light in 2013, but the passage of the USA Freedom Act last year addressed some of their concerns about losing trust from customers by ending the NSA’s dragnet collection of phone records. The Freedom Act’s author, Rep. Jim Sensenbrenner, R-Wisc., has also introduced the Judicial Redress Act, which would give people in foreign countries limited ability to argue privacy concerns in U.S. courts.

The ITIF supports passage of the Judicial Redress Act as a step to ease disagreements about data sharing between nations, as does the Business Software Alliance trade association, which represents companies including Apple, IBM and Microsoft. The trade association is concerned about government access to data, and is pushing for reforms that would reassure companies that both privacy concerns and national security interests are being addressed.

“We cannot conflate surveillance and commercial data issues,” says Victoria Espinel, president of the Business Software Alliance.