Safe Harbour must be strengthened not suspended
8 May 2014
The House of Lords European Union Sub-Committee on Home Affairs, Health and Education has written to the Government and the European Commission about the safe harbour data protection arrangements between the US and the EU, following its enhanced scrutiny of two European Commission Communications concerning data flows between Europe and the United States.
- Letter from the Committee to Simon Hughes MP, Minister of State for Justice, Ministry of Justice, dated 7 May 2014
- Written submissions and oral evidence: Safe Harbour
- Explanatory Memoranda: Safe Harbour
- Commission Documents: Safe Harbour
- Enhanced Scrutiny: Safe Harbour
- EU Sub-Committee F: Home affairs, health and education
The Committee disagrees with the position of the European Parliament that safe harbour should be suspended. It supports the European Commission’s efforts to negotiate a strengthened safe harbour with the US authorities.
The Committee finds that:
- more work needs to be done to increase understanding of safe harbour among citizens and businesses;
- citizens should have more opportunities to complain about breaches of privacy concerning their personal data;
- redress provision must be free;
- monitoring of company compliance with safe harbour should not be complaints-driven; a robust system of checks, audits and reports should be developed;
- the Commission and US authorities should regularly evaluate the implementation of safe harbour; and
- it would be in the UK’s national interest to discuss privacy and security at EU-level to ensure that the UK’s concerns are understood.
Lord Hannay of Chiswick, Chairman of the EU Home Affairs, Health and Education Sub-Committee, which conducted the enhanced scrutiny of safe harbour, said:
“Having heard the views of a number of expert witnesses, we are not persuaded that immediate suspension of the current safe harbour framework would be helpful or desirable, but are absolutely convinced that it must be strengthened.
“Work must be done to introduce a more credible compliance regime (not simply based on complaints), efforts must be made to raise awareness among citizens about their rights (particularly to redress) under safe harbour, and more must be done to tackle false claims of adherence to the scheme by companies. The UK Government will have to make a careful assessment of the package of reforms to strengthen safe harbour anticipated from the US this summer.
“We are also recommending that the Government ensures that privacy policies are intelligible, if they are to be of any real use, and that they ensure that there is greater clarity both for citizens and business about safe harbour.
“The discussions around privacy, security and data protection are complex ones and a balance must be found between the duty of the state to protect its citizens and its duty to safeguard their privacy. Our findings are by no means the last word on these matters but we hope they will be taken seriously by the Government and European Commission in shaping the negotiations to strengthen the safe harbour for personal data.”