November 03, 2015 by Mark
This first appeared in The Hill’s Congress Blog.
U.S. law enforcement needs it. European and United States governments want it. Tech companies have called for its passage. The House of Representatives has passed it on a voice vote. It’s now time for the Senate to pass the Judicial Redress Act.
Its passage is important not only to restore global trust in the United States, but also to the finalization of a number of important agreements to technology and national security entities.
The legislation, introduced in the Senate by Sens. Chris Murphy (D-Conn.) and Orrin Hatch (R-Utah), is narrowly targeted to allow citizens of European nations and other designated allies the ability to request corrections of inaccuracies in data held by a number of U.S. agencies, verify their data has not been improperly disclosed, and seek civil judicial recourse in certain circumstances. It is a modest step toward giving citizens in other countries procedural privacy protections similar to — but not exceeding — those available to U.S. citizens.
In September 2015, the EU and the U.S. concluded an umbrella agreement that establishes a data protection framework for EU-U.S. law enforcement cooperation, enabling the exchange of personal information for the purpose of prevention, detection, investigation and prosecution of criminal offences, including terrorism. This agreement is vital to the continuation of our successful efforts to keep America safe from criminal gangs and terrorists.
The agreement commits the E.U. to provide U.S. citizens with a right of judicial redress for failure of European authorities to respect data protection rights. Conversely, it requires the U.S. to provide this redress right for European citizens, granting equal treatment of U.S. and E.U. citizens for privacy breaches.
European law already provides redress rights for U.S. citizens, but U.S. law has to be updated to provide this redress for European citizens. The umbrella agreement will be signed and formally concluded only after U.S. law is updated.
That’s why the Senate needs to pass the Judicial Redress Act — to conclude this data sharing agreement that is vital to U.S. law enforcement and anti-terrorist activities.
The bill is also needed to help restore public confidence in commercial transatlantic data flows. Since the revelations in 2013 regarding U.S. surveillance activities, suspicion and distrust have eroded the reputation of U.S. companies abroad as reliable custodians of business confidential information, and has led to a tangible slowdown in commercial opportunities. One study estimated the lost revenue could be as high as $35 billion over the next three years.
Two years ago, to help restore public trust, the European Union and the United States began negotiations for a modernized commercial data sharing arrangement. Since 1999, a Safe Harbor Framework has provided a convenient and effective legal basis for U.S companies and subsidiaries of European companies to comply with European regulations on commercial data transfers. These commercial transfers typically include data from employees, such as payroll information, and information about a company’s European customers.
On October 6, however, just as these discussions were coming to a conclusion, the European Court of Justice issued a ruling that invalidated the existing Safe Harbor on the grounds that U.S. privacy protections for European citizens were not adequate.
Suddenly, the roughly 4,400 European and U.S. companies that have been using the Safe Harbor were thrown into a kind of legal limbo. After a meeting on October 16, the European data protection regulators said that other legal bases for transfers are available including model contractual clauses and binding corporate rules. But moving to these alternatives cannot be done quickly or easily. In some cases, thousands of existing contracts have to be renegotiated.
The European regulators as a group urged EU negotiators to reach a new modernized safe harbor agreement with the United States by the end of January 2016. After which, they felt obliged to consider enforcement actions. Some individual regulatory authorities, however, announced that they are considering enforcement proceedings even earlier than January.
European Commissioners in charge of negotiations have publicly said that they are close to a final agreement in principle on the new framework. Passage of the Judicial Redress Act, they say, will facilitate the negotiation of a new safe harbor that will pass European court review.
In passing the Judicial Redress Act, the House acted to advance U.S. international interests in globally effective law enforcement and the free flow of data across borders. The leadership of the Senate and the Senate Judiciary Committee should heed the wishes of law enforcement, the international community and tech industry and do the same.
Mark MacCarthy, Senior Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow Mark on Twitter at @Mark_MacCarthy.