Last week, Berlin looked to be taking some concrete steps to address shortcomings in data privacy treaties. Germany’s foreign and justice ministers sent a letter to their European counterparts suggesting that an “additional protocol” be added to Article 17 of the UN’s International Covenant on Civil and Political Rights “that guarantees the protection of the private sphere in the digital age.” The push comes as the debate in Germany continues to rage over the U.S. National Security Agency’s PRISM Internet surveillance program.
In addition, Germany’s top data protection official, Peter Schaar, together with his counterparts from the country’s 16 states, said in a statement that they would not approve data transfers until the German government demonstrated that foreign intelligence services’ access to German information is limited in a way that complies with the main principles of data protection law. German data protection officials will also review whether to suspend the European Union data exchange agreement with the United States, known as Safe Harbor, and EU standard contractual clauses, which are also used for compliant data transfer between the EU and the United States.
The data protections officials pointed out that EU authorities may suspend the transfer of data if a high probability exists that the United States is violating Safe Harbor principles. The officials say that the United States very well may be violating those Safe Harbor principles because of the recent revelations regarding the way the United States monitors and collects private data. In addition, though the application of the Safe Harbor principles is limited as required by national security or law, the German officials affirm that these exceptions should be applied narrowly and used only as necessary.
The officials also point out that even when standard contractual clauses are used to transfer data to the United States, the data importer must represent that (to his knowledge) there are no laws in his country that materially affect the guarantees in the EU standard contractual clauses. The officials are concerned that there may be some kind of general authorization to violate these guarantees in the United States, as it has become clear that the NSA routinely accesses personal data transferred to the United States under EU standard contractual clauses.
Germany is not alone in its anxiety over its citizens’ data security. European Justice Commissioner Viviane Reding made a similar demand very recently at a meeting of European interior and justice ministers in Vilnius. She said that she also has fundamental questions about Safe Harbor in light of the new spying disclosures. Ms. Reding pointed out that the revelations of NSA snooping would suggest that the Safe Harbor “may not be so safe after all.”
According to Ms. Reding, the European Commission is working on an assessment of the Safe Harbor agreement that it will present before the end of the year.