Roosevelt Institute | Cornell University

Crossing the Data Border

By Arielle TanninPublished November 8, 2015

null
As the world becomes increasingly globally connected via technology, questions arise over how to preserve the rights of citizens in a given country. One such example of this tension is displayed by the European Union's decision on October 6th to strike down its fifteen-year-old safe harbor agreement with the United States.
By Arielle Tannin, 11/08/15

As the world becomes increasingly globally connected via technology, questions arise over how to preserve the rights of citizens in a given country. One such example of this tension is displayed by the European Union's decision on October 6th to strike down its fifteen-year-old safe harbor agreement with the United States. This agreement previously allowed American technology companies to handle and export data from European users. This is an important capability for companies like Facebook and Google who rely on unencumbered access to information from consumers all around the world in order to provide their services. The European Court of Justice opposed this agreement because they asserted that it gave the U.S the ability to compromise the privacy of its citizens. This decision carries significant economic implications that could shape the landscape of virtual commerce and activity.
 
The decision to abolish this safe harbor agreement was sparked by an Austrian student named Max Schrems who submitted a complaint against Facebook to the Irish data protection authority for being complacent with NSA snooping on their users' data. He invoked Edward Snowden as an example, claiming that the leaks he shared were evidence of the NSA's inappropriate involvement in accessing its confidential information. His complaint ascended to the European Court of Justice where they deemed the US safe harbor agreement invalid. The European Union has stricter laws in place for privacy protection than the United States does and it only allows data to be exported if it is guaranteed to be treated with the same respect to privacy as it would be in the EU.
 
To address the present inability to manage and export data from Europe, some companies have adopted Binding Corporate Rules and Model Contract Clauses, contracts that allow them to transfer data out of the EU using alternative approval processes. Google for instance, has begun setting up larger data processing centers housed in European countries in order to bypass exposing this data to the US government. This is not a sustainable model because smaller less wealthy companies cannot afford these centers. This type of strategy would ultimately cripple startups and small businesses because they lack the legal and economic resources necessary to adopt other data-transfer methods.
 
Given the bifurcation this case decision causes between well-established and smaller companies, it is important to reevaluate a more equitable policy to address European privacy concerns. Penny Pritzker, the American secretary of commerce, stated that the ruling "puts at risk the thriving trans-Atlantic digital economy." A new safe harbor agreement between the US and the EU has been in the works since 2013, with little headway being made. This delay can be attributed to the two nations' fundamentally different understandings of privacy. In the United States, privacy is considered a consumer protection issue, whereas in Europe it is seen as a right on par with freedom of expression. Ultimately, both sides will have to consider the tradeoff between total privacy and an active world economy.