Tweet Cloud Computing, Data, Global Markets

Transatlantic Data Flows: Shift the Focus to How—Not If

It comes as no surprise that conversations about data protection are dominating capitals around the world. Unfortunately, those conversations are being twisted in a way that confuses the issues at hand and threatens policies like the EU-US Safe Harbor Agreement that help deliver the benefits at the core of the digital economy.

This situation is the product of the collision of two related — but separate — realms of data privacy, commercial data privacy and government access to data. While nations are moving quickly to establish a policy framework for a global cloud computing network that will connect businesses and consumers to products, services, and markets around the world, this summer’s disclosures of national surveillance practices have significantly heightened user and government concerns about access to data generally.

In the post-PRISM environment, cross-border data flows have taken center stage in discussions about consumer privacy — with some European officials calling for the suspension and termination of the Safe Harbor. Put simply, though, threatening the cross-border data flows that the Safe Harbor enables won’t solve the problem of government surveillance.

Today thousands of European and American companies are using the Safe Harbor mechanism to safely transfer data between Europe and the US. While not perfect, it is a functioning framework backed by meaningful enforcement, with industry committed to compliance. Other means for the transfer of data to and from Europe, including Binding Corporate Rules (BCR) and the EU Adequacy mechanism, are no doubt helpful, but their reach has so far been limited.

We can, and should, look at how to improve the way the Safe Harbor works. However, misguided efforts to address government surveillance by limiting commercial data flows, like suspending the Safe Harbor mechanism altogether, would have a significant negative impact on the ability of US and European companies to deliver services to users on both sides of the Atlantic. That means a significant negative impact on the delivery of digital services around the world. And importantly, it would not improve the protections in place for EU citizens when it comes to government access to data for national security.

The EU Member States will meet in the coming weeks in Brussels to discuss these and other points. Meanwhile, the European Parliament is continuing work toward agreement on a text for a new General Data Protection Regulation that it expects to put to vote before the end of the year. But there remain critical substantive points still outstanding in the proposal. The goal should not be to meet an artificial timeline based on political or diplomatic challenges, but to agree a world class, future-proof regulation that includes sound, practical rules for businesses to follow and that will deliver meaningful privacy protections for users in the commercial environment.

In the meantime, preserving the Safe Harbor — and the benefits that derive from it — should be the goal rather than the target of EU policymakers.

Thomas Boué


Thomas Boué oversees the BSA | The Software Alliance’s public policy activities in the Europe, Middle East and Africa region. He advises BSA members on public policy and legal developments and advocates the views of the ICT sector with both European and national policy makers. He leads on security and privacy issues as well as broader efforts to improve levels of intellectual property protection and to promote open markets, fair competition, and technology innovation in new areas such as cloud computing.

Prior to joining BSA, Boué served as a consultant in Weber Shandwick where he advised clients on a wide range of technology and ICT-related policy issues and represented them before the EU institutions and industry coalitions. In this role, he also served as policy and regulatory adviser for both EU and US telecom operators. Prior to that Boué worked for the EU office of the Paris Chamber of Commerce and Industry where he was responsible for the lobbying activities towards the EU Institutions in the areas of trade, education, and labor, as well as for the organization and running of seminars on EU affairs for SMEs and business professionals.

Boué holds a Master of Business Administration from the Europa-Insitut (Saarbrücken, Germany), a Certificate of Integrated Legal Studies (trilateral and trilingual Master’s degree in French, English, German and European Law, from the Universities of Warwick (UK), Saarland (Germany) and Lille II (France) as well as a Bachelor of Arts in Law from the University of Lille II, France. He is based in BSA’s Brussels office.

Leave a Reply

Your email address will not be published. Required fields are marked *

eighteen − 3 =