July 25, 2013, 10:48 AM — The European Commission should suspend agreements that allow European companies to transfer personal data of European citizens to the U.S., the German Conference of Data Protection Commissioners has urged.
The Commission, meanwhile, is working on an assessment of the agreements that it will present before the end of the year.
Due to the mass surveillance of communications by the U.S. National Security Agency (NSA), U.S. companies can no longer fulfill European requirements for the exchange of personal data, said Germany's Conference of Data Protection Commissioners in a joint letter sent to German chancellor Angela Merkel that was published on Wednesday. The conference consists of the federal data protection commissioner and the data protection commissioners of the German states.
The European Commission's data protection directive prohibits the transfer of personal data to non-E.U. countries that do not meet E.U. standards for privacy protection. To allow exchange of personal data with U.S. organizations, the U.S. Department of Commerce and the European Commission developed a "Safe Harbor" framework, allowing E.U. companies to keep exchanging personal information within the bounds of the agreement.
Under the Safe Harbor conditions companies, for example, must show that they prevent penetration of their networks, Imke Sommer, the Bremen Commissioner for Data Protection and Freedom of Information said on Thursday. She added, however, that, "As we know by now there is no safe network, the NSA is watching."
Therefore, the German data protection authorities have asked the Commission to suspend the Safe Harbor agreements and review whether U.S. companies can still comply with them, she said. If the agreements are suspended, that would mean that no European company would be allowed to send personal data to the U.S., Sommer said.
"The Safe Harbor agreement may not be so safe after all," said Viviane Reding, vice president of the European Commission and the commissioner responsible for justice, fundamental rights and citizenship at the informal Justice Council in Vilnius last Friday. "U.S. data protection standards are lower than our European ones. I have informed ministers that the Commission is working on a solid assessment of the Safe Harbor Agreement which we will present before the end of the year."
The European Parliament and European industry have also been asking for a review, and the Commission will take note of the call from data protection and privacy advocates in Germany for an assessment, a Commission official said on Thursday.