Just days before the Jan. 31 Safe Harbor deadline and on the 10th annual Data Privacy Day, the Senate Judiciary gave the nod to the Judicial Redress Act, which would provide citizens of major U.S. allies a course of redress regarding information shared with U.S. law enforcement, sending it on to the full Senate with an amendment that some said might delay passage of the legislation and jeopardize the U.S.'s ability to reach a data transfer pact with the EU.
The U.S. House of Representatives gave the act the thumbs up in October, moving the country one-step closer to the type of data protection for foreigners that will prompt the EU to sign off on an Umbrella Agreement hammered out in September and be more likely to approve Safe Harbor 2.0.
But the Judiciary Committee has been grappling with the merits of the act, debating them almost down to the wire as Sunday's deadline looms large.
Under the Judicial Redress Act, foreign citizens will have the same judicial redress that Americans do if their personal information is misused by federal agencies in pursuit of law enforcement action. In other words, law enforcement and intelligent agencies are not allowed to spy on foreigners unless they show just cause—and if authorities step outside of the bounds of that protection, then they have the right to judicial redress.
In October, the European Court of Justice (ECJ) Tuesday declared the EU-US Safe Harbour pact invalid, citing inadequate privacy protections.
Proponents of the Judicial Redress Act have said its passage would send a signal to the EU that the U.S. will make good on its promise to safeguard the data of citizens in other countries and prompt Europe to give the greenlight to Safe Harbor 2.0.
But the act has taken its share of criticism from some, with Senate Majority Whip John Cornyn (R-Texas) contending that the U.S. had given in too easily to European demands and introducing an amendment that said “to qualify as a covered country, a foreign country must permit commercial data transfers with the United States and may not impede the national security interests of the United States.”
The amendment received an “aye” from every member of the committee with Chairman Chuck Grassley (R-Iowa) voicing his support for both it and the act in a statement prior to Thursday's meeting. “The Act is necessary to implement the Data Protection and Privacy Agreement, a pact that will preserve and expand the ability of the United States and EU members to share critical law enforcement information,” Grassley noted.
Computer and Communications Industry Association (CCIA) President Ed Black applauded the up vote from the committee, saying in a statement it “helps restore transatlantic trust as it extends privacy rights to Europeans and enables better law enforcement cooperation" as well as supporting “finalization of a new Safe Harbor framework that thousands of U.S. and EU companies use to transfer data.”
He called the bill “a win for privacy and paves the way for progress on two data sharing agreements with Europe that will improve the economy, privacy and security of both the US and the EU.”
But Profusion CEO Mike Weston said that passage of the act will not likely “have a huge impact on Safe Harbour negotiations.” He noted in comments emailed to SCMagazine.com that if the bill were to become a law “and the US confers the same data protection to European citizens it will do little to appease the EU simply because the US currently puts little emphasis on data privacy - especially for non-US citizens.”
To create a “complete replica of the original Safe Harbor deal,” the U.S. government would have to undergo “a monumental shift” in the way it “ balances the rights of users online with national security.”
He pointed to the Cybersecurity Act of 2015 as proof that U.S. “citizens can expect little protection of their personal information online” which puts the country on a path divergent from that of the EU. “I expect a new Safe Harbour deal to be reached, but it will only be a sticking plaster and it is unlikely to restore confidence to the global tech community,” said Weston. “Large US tech companies will continue to build out their data storage capacity in Europe in anticipation of the axe eventually falling on the free flow of data across the Atlantic.”
Weston said, “The real danger is to smaller data-heavy tech companies” that will find themselves “effectively shut out of doing business in Europe for fear of EU fines or large data storage costs.”