UNSAFE HARBOR: THE EUROPEAN UNION'S DEMAND FOR HEIGHTENED DATA PRIVACY STANDARDS IN SCHREMS V. IRISH DATA PROTECTION COMMISSIONER

By Lam, Christina | Boston College International and Comparative Law Review, January 1, 2017 | Go to article overview

UNSAFE HARBOR: THE EUROPEAN UNION'S DEMAND FOR HEIGHTENED DATA PRIVACY STANDARDS IN SCHREMS V. IRISH DATA PROTECTION COMMISSIONER


Lam, Christina, Boston College International and Comparative Law Review


INTRODUCTION

Both the United States and European Union (EU) avow a commitment to protecting data privacy, but their drastically different approaches have repeatedly been a source of tension.1 In 1995, the EU adopted the Data Protection Directive (DPD) as a comprehensive regulatory framework for processing, using, and exchanging personal data.2 The United States remained resistant to similarly standardizing its data protection practices, threatening the continuance of data trans· fers between the EU and the United States.3 Under considerable pressure, the United States negotiated with the EU to reach the Safe Harbor Agreement and, on July 26, 2000, the European Commission (Commission) recognized the agreement as compliant with the DPD in its Safe Harbor Decision (Safe Harbor).4 In 2013, U.S. data protection standards were, once again, a matter of controversy when Edward Snowden exposed the U.S. National Security Agency's (NSA) extensive surveillance activities.5 Ultimately, on October 6, 2015, the European Court of Justice (ECJ) found that the United States provided an inadequate level of data protection and invalidated Safe Harbor in Schrems v. Irish Data Protection Commissioner.6 This decision aroused uncertainty for an estimated 4500 U.S. companies and organizations that had been relying on Safe Harbor to legally carry out data transfers.7

Part I of this Comment provides a brief background of Safe Harbor and its invalidation in Schrems v Irish Data Protection Commissioner. Part II delivers a discussion of the relevant EU law, the arguments presented, and the court's decision. Part III analyzes the decision's importance and its implications for U.S. data privacy law. This Comment contends that the court misconstrued the term "adequate" in Article 25 of the DPD and invaded the jurisdictional province of the United States and all other countries outside of the EU.

I. Background

A.The Origins of Safe Harbor

The EU's lingering animosity towards past fascist and totalitarian policies of complete governmental control has inspired an ongoing campaign for personal data privacy.8 As part of that campaign, the EU adopted the DPD in 1995 to "ensure a high level of protection for the privacy of individuals in all member states . . . and also to help ensure the free flow of information society services in the [EU] by fostering consumer confidence and minimizing differences between the Member States' rules."9 The DPD subjects nearly all data collection, usage, and transfers to a wide range of regulations and requires each EU member state to have at least one independent, data protection authority to monitor compliance.10

Under Article 25 of the DPD, transfers of personal data to non-European Economic Area countries (third countries) are only allowed if that country ensures an adequate level of data protection.11 Such data transfers between the EU and third countries have become commonplace with the rise of the global economy and the unbounded nature of the Internet.12 For example, EU companies routinely transfer and receive data from companies in third countries when seeking digitally deliverable services such as consulting, architecture, design, and finance.13

Both EU and U.S. government officials recognized that U.S. data protection standards were likely far too different from the DPD to be considered "adequate."14 As a result, the United States entered into negotiations with the EU, leading the U.S. Department of Commerce to issue the Safe Harbor Privacy Principles in 2000.15 Shortly thereafter, the Commission recognized the Safe Harbor Privacy Principles as ensuring an adequate level of data protection in its Safe Harbor Decision.16 Under Safe Harbor, a U.S. company or organization could legally participate in data transfers with the EU as long as it annually selfcertified to the U.S. Department of Commerce that it had complied with certain principles and requirements regarding notice, choice, onward transfers, security, data integrity, access, and enforcement. …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA 8, MLA 7, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Note: primary sources have slightly different requirements for citation. Please see these guidelines for more information.

Cited article

UNSAFE HARBOR: THE EUROPEAN UNION'S DEMAND FOR HEIGHTENED DATA PRIVACY STANDARDS IN SCHREMS V. IRISH DATA PROTECTION COMMISSIONER
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen
Items saved from this article
  • Highlights & Notes
  • Citations
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA 8, MLA 7, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Search by... Author
    Show... All Results Primary Sources Peer-reviewed

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.