US and EU Should Act Swiftly to Establish New Privacy Protections to Avoid Long-Term Digital Trade Disruption

WASHINGTON—Daniel Castro, vice president of the Information Technology and Innovation Foundation (ITIF), released the following statement in response to the European Court of Justice decision to strike down the U.S.-EU Safe Harbor Framework:

The Safe Harbor agreement has been the cornerstone of the transatlantic digital economy since before global companies like Facebook were founded. In the wake of the Snowden disclosures, European citizens and policymakers are understandably concerned about privacy safeguards in U.S. law. But abruptly revoking the Safe Harbor agreement was the wrong way to address those concerns. It will disrupt not just the thousands of U.S. and European companies that currently depend on the Safe Harbor to do business across the Atlantic, but also the broader digital economy. Aside from taking an ax to the undersea fiber optic cables connecting Europe to the United States, it is hard to imagine a more disruptive action to transatlantic digital commerce. Policymakers in the United States and EU should work together swiftly to implement an interim agreement so that we do not shut down transatlantic digital commerce overnight.

But beyond a stopgap measure to prevent global economic disruption, the United States and EU should make a number of much-needed privacy reforms to rebuild trust and cooperation if these countries want the world’s most critical economic relationship to continue. Most urgently, now that the United States and Europe have settled the Umbrella Agreement for exchanging data related to criminal activities, policymakers should also finish the process of creating a Safe Harbor 2.0 with terms that give comfort to all parties. In particular, the updated agreement should reflect the EU request that a national security exception is used only to the extent that it is strictly necessary and proportionate for a given incident.

While the USA Freedom Act was an important step forward in reforming U.S. surveillance practices, it was only the first in a series of steps lawmakers should take to restore confidence in U.S. technology providers by clarifying the privacy safeguards in U.S. law enforcement and national security policies and practices. To address European concerns about the privacy of their citizens’ data, Congress should pass the Judicial Redress Act to allow non-U.S. citizens to bring civil actions against the United States for violating the Privacy Act. U.S. policymakers also should move forward on reforming the Foreign Intelligence Surveillance Act.

Europe also should make reforms, including fully embracing the digital single market. Individual countries should not be able to set their own digital policies, including for privacy, or overrule the EU Commission, as doing so would fragment the digital economy. Moreover, the EU digital single market cannot be about “Fortress Europe.” It needs to be the first step toward a transatlantic digital single market.

If the United States and Europe do not come together to resolve these issues quickly, both parties will suffer greatly. If EU data cannot be stored or processed in the United States, it damages European users of technology, both businesses and consumers, putting them even further behind America. Everyone benefits from finding a workable solution that avoids undermining the transatlantic digital economy.