Brussels, 22/10/2015 (Agence Europe) - Jessica Rich, director of the Bureau of Consumer Protection of the US Federal Trade Commission (FTC), said in Brussels on Wednesday 21 October that her country had correctly applied Safe Harbor, the decision on which was invalidated by the Court of Justice on 6 October (see EUROPE 11403) and she defended the efforts of the US government to protect the privacy of consumers, including of Europeans whose data had been transferred to the United States since 2000.
Rich, however, drew attention to European shortcomings, including by national data protection authorities which, she said, had not properly alerted her department to breaches of the Safe Harbor framework. European data protection authorities were responsible for informing the FTC of possible infringements of the system but rarely did so, Rich argued, stating that, over the whole time that Safe Harbor was in place, only four complaints were sent to her. She said that the referral process did not work and that there came a time when the Americans decided to begin to look for Safe Harbor violations themselves.
At a briefing, she said that she was confident that discussions on a new Safe Harbor would be successful. She spoke only of possible progress in the area of commercial data transfer, refusing to be drawn on one of the points currently posing a problem - that of the exceptions granted to national security agencies. She repeated that the Safe Harbor framework did not serve national security interests, something that the EU Court of Justice, nonetheless, questioned, calling on Ireland to investigate the transfers to discover whether agencies such as the NSA had not, in fact, had access to “commercial” data.
Max Schrems, the Austrian student at the origin of the 6 October ruling with his action against Facebook, was in Brussels on 21 October. He was taking part in a debate in the European Parliament and expressed the opinion that a second Safe Harbor would not be possible as it would be practically automatically challenged once again in the courts. He said that it was essential that European legislators make robust laws and highlighted failings in cooperation between European data protection authorities, which, he said, did not work together closely enough. (Original version in French by Solenn Paulic)