EU Privacy Ruling May Disrupt U.S. Tech Firms, Spy Programsby and
White House official says U.S. will give guidance to companies
Google, Yahoo among 4,000 companies using the rejected rule
U.S. Internet companies may lose billions of dollars and spy agencies may be stifled in thwarting terror plots after Europe’s highest court struck down a trans-Atlantic data-use agreement.
The U.S. Commerce Department will provide guidance to companies on how to proceed with data transfers in the wake of Tuesday’s ruling, which invalidates a 15-year-old agreement that allowed U.S. technology companies such as Facebook Inc. and Google Inc. to move European customers’ information to the U.S.
“It could potentially be disruptive depending on how the Europeans choose to implement it,” Michael Daniel, the White House’s cybersecurity coordinator said in an interview in Washington Tuesday. “This is really a discussion about how both of us protect privacy, and I’m sure it’s an issue that we’ll be able to deal with.”
The court ruling may cost U.S. and European companies hundreds of billions of dollars in lost trans-Atlantic business, said an official from a large U.S. trade group, who requested anonymity to speak freely.
The European Union’s top court scrutinized the data-sharing pact after former National Security Agency contractor Edward Snowden revealed information about U.S. government surveillance activities and mass data collection. But the ruling may undercut the ability of U.S. intelligence agencies to obtain data critical to preventing terrorist attacks, former U.S. National Security Advisor James Jones said in an interview in Washington Tuesday.
“During my time in the White House, we prevented several attacks on European soil by transferring information very quickly to our friends in Europe,” said Jones, a retired Marine Corps general, who was an adviser to President Barack Obama from 2009 to 2010.
The agreement, reached in 2000 and dubbed “Safe Harbor,” is invalid, the EU court said in its binding ruling, because the NSA’s data collection activities compromise the “fundamental right to respect for private life.”
While the U.S. wasn’t a party to the case, U.S. officials have pushed back against charges that the NSA’s data-collection program is massive and indiscriminate.
“This program helps protect Americans as well as our partners and allies,” Robert Litt, general counsel for the Office of the Director of National Intelligence, wrote Monday in an op-ed for the Financial Times.
The U.S. is “deeply disappointed” with the ruling and will work to reach an updated Safe Harbor framework with the EU, Commerce Secretary Penny Pritzker said Tuesday in a statement.
“We believe this decision was based on incorrect assumptions about data privacy protections in the United States,” White House Press Secretary Josh Earnest told reporters on Tuesday.
The case concerns more than 4,000 U.S. companies that are certified under Safe Harbor, including Google and Yahoo! Inc. Safe Harbor was originally designed to ease trade by letting companies shift information between sites in Europe and the U.S.
U.S. Senator Ron Wyden, an Oregon Democrat who co-sponsored legislation this year to facilitate a new free-trade pact with European countries, said the ruling would result in “open season” on American businesses.
“This misguided decision amounts to nothing less than protectionism against America’s global data-processing services and digital goods,” Wyden, who has criticized the NSA’s data collection, said in a statement. “It is a mistake that will wreak havoc on businesses on both sides of the Atlantic.”
Facebook, which has been reeling from revelations about its cooperation with U.S. government data collection, said in a statement that the ruling didn’t indicate it had done anything wrong.
“It is imperative that EU and U.S. governments ensure that they continue to provide reliable methods for lawful data transfers and resolve any issues relating to national security,” the company said.
Pritzker said she was prepared to work with the European Commission to “address uncertainty” facing U.S. businesses after the ruling.
“The court’s decision necessitates release of the updated Safe Harbor framework as soon as possible,” she said.
Jones said the ruling could have a real impact on intelligence officials’ ability to save lives.
Disrupting information sharing means “we’re all swimming by ourselves,” Jones said. “The bottom line is, if it’s a question of saving lives and intruding on privacy there’s no question that I come down on saving lives.”
U.S. business lobbies called on European leaders to provide guidance to technology companies.
“We urge the European Commission to issue guidance to assure companies how they can continue to transfer data across the Atlantic until such time as a new safe harbor is put into place,” Mark MacCarthy, senior vice president of public policy for the Software & Information Industry Association, which represents such companies as Apple Inc. and Oracle Corp., said in an e-mailed statement.
The U.S. Chamber of Commerce said the ruling was cause for serious concern, especially for smaller companies.
“Small and medium-sized firms on both sides of the Atlantic will bear a disproportionate share of the burden of coping with new legal and administrative requirements and a lack of legal certainty,” said Myron Brilliant, executive vice president and head of international affairs at the Chamber.