Where Schrems Got it Wrong: Defending the Adequacy of the U.S. National Security Framework

Share |

Yesterday, Professor Peter Swire, Huang Professor of Law and Ethics at the Georgia Tech Scheller College of Business and Senior Fellow of the Future of Privacy Forum, released an insightful report addressing the serious misunderstandings of U.S. national security laws, which were reflected in official statements made in the Schrems case striking down the EU-U.S. Safe Harbor.

The report, U.S. Surveillance Law, Safe Harbor, and Reforms Since 2013, draws on Mr. Swire’s extensive experience as a scholar of both EU data protection law and U.S. surveillance law in making two critical points.

First, the Report explains how U.S. surveillance law is fundamentally compatible with E.U. law, highlighting thefundamental equivalence of the United States and EU member States as constitutional democracies. In the Schrems decision, the U.S. was criticized for failing to ensure “a level of protection of fundamental rights essentially equivalent to that guaranteed in the EU legal order.” This chapter critiques that finding, instead showing that the United States has strict rule of law, separation of powers, and judicial oversight of law enforcement and national security surveillance.

Second, the Report highlights and explains the myriad reforms since the Snowden revelations in 2013. The Schrems decision said that U.S. privacy protections must be evaluated in the “current factual and legal context.” However, in doing so, the European Court of Justice disregarded the numerous reforms put in place since 2013, which together constitute the biggest set of pro-privacy actions in U.S. surveillance law since creation of the Foreign Intelligence Surveillance Act in 1978.

In the wake of the Schrems decision, the roughly 4,400 European and U.S. companies that have been using the Safe Harbor have been in a kind of legal limbo. U.S. and EU officials are reportedly nearing the end of negotiations on a revised data transfer agreement, the so-called “Safe Harbor 2.0.”  A new agreement combined with a better European understanding of the realities established in this report are critical variables along the path to greater legal certainty of data transfers between the U.S. and EU.

David David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPolicy.