Stanford CIS

Opinion: Forget about Safe Harbor. Modernize global privacy law instead

By Scott Shackelford on

There's a widening transatlantic divide regarding privacy rights that needs to be bridged – and soon.

But instead of coming up with another version of the data transfer agreement between the US and European Union known as Safe Harbor, we need a new set of global standards to build a common vision of privacy rights in the Digital Age.

That might sound unachievable and impractical to the more than 4,500 European and US firms that have relied on Safe Harbor for more than 15 years to transfer EU data stateside. But when the European Court of Justice invalidated that deal, in the aftermath of the Edward Snowden revelations that Europeans' data was subject to National Security Agency surveillance, it became clear that a single data agreement couldn't account for all the ways countries balance privacy, freedom of expression, and national security.

As Yale Law School Prof. James Whitman has argued, "in the law of privacy ... the contrast between Europe and the United States is stark and is growing starker."

What's more, it's becoming clear that European and US negotiators won't find a way to repair Safe Harbor before the Jan. 31 deadline that EU data protection authorities set for a new deal. Without that revised arrangement to safeguard Europeans' data from US government snooping, EU regulators have threatened "mass enforcement of illegal data transfers" starting as early as February.

Even if negotiators reach a last-minute deal on Safe Harbor, it would still face legal challenges in the EU from both European citizens and data protection authorities questioning the deal’s adequacy.

But a new Safe Harbor is simply a Band-Aid. Instead, let's start a dialog to clarify and upgrade global privacy standards. Let's flesh out the right to privacy mentioned in the 1948 Universal Declaration of Human Rights, which was expanded upon by the 1966 International Covenant on Civil and Political Rights (ICCPR) that has been signed by more than 160 nations including the US.

In particular, Article 17 of the ICCPR states, "No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honor and reputation."

We also need a new protocol in the convention, updating Article 17 to include the "digital sphere" so as to create "globally applicable standards for data protection and the protection of privacy in accordance with the rule of law."

Read the full piece at The Christian Science Monitor.