Five Myths About Safe Harbor

[Commentary] I have been thinking a lot recently about the days at the US Department of Commerce back in the late 1990s when we negotiated the US-European Union Safe Harbor Privacy Arrangement (Safe Harbor) with the European Commission. I never thought at the time that Safe Harbor would ever be in the spotlight as much as it is today. But, I also don’t think that any of us could have anticipated how much the world would change in the 15 years since Safe Harbor was negotiated: 9/11, the Snowden revelations and the explosion of the Internet are just a few of the things that have shaped our world along the way. I thought now would be a good time to set the record straight on five myths about Safe Harbor.

Myth #1: The Safe Harbor Arrangement is terminated as a result of the Schrems judgment.
Myth #2: The Safe Harbor is intended to address government surveillance issues.
Myth #3: The Safe Harbor is poorly enforced by the Federal Trade Commission.
Myth #4: The Safe Harbor Arrangement failed to stand the test of time.
Myth #5: The Safe Harbor Arrangement is no longer needed.

Safe Harbor succeeded in bridging the gap between Europe and the US on data flows at a critical time in the growth of the global digital economy. But in life, all things change, and Safe Harbor was due for an upgrade, as is the Directive itself.

[Brian Hengesbaugh is Chair of the Firm's Global IT/C Data Security Steering Committee, and a Member of the Firm's Global Privacy Steering Committee]