• 04.30.16

The Supreme Court May Have Just Derailed Europe Safe Harbor Agreement

The new rules won’t help assure Europeans their data is safe from surveillance on the servers of U.S. companies.

The Supreme Court May Have Just Derailed Europe Safe Harbor Agreement
[Photo: Flickr user massmatt]

On Thursday, the Supreme Court gave federal agencies far wider latitude to hack and search into computers around the world, and the decision could have a chilling effect on digital trade relations between the U.S. and Europe.


The court made changes to the Federal Rules of Criminal Procedure that will allow U.S. law enforcement to remotely hack and search computers of unknown location, computers whose location has been obscured by digital means, and even computers of cybercrime victims.

The European Union has been extremely sensitive to U.S. government cybersurveillance since Edward Snowden revealed massive government surveillance programs in 2013.

The warrant rules changes Thursday could revive those fears, and endanger a painstakingly struck Safe Harbor agreement between the U.S. Commerce Department and the European Commission. The two sides agreed on a legal framework for a new Safe Harbor agreement February 2, but that framework still awaits final approval by the E.U.

E.U. Commissioner Vera Jourová said this in a statement announcing the February 2 agreement: “For the first time ever, the United States has given the E.U. binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards, and oversight mechanisms. In the context of the negotiations for this agreement, the U.S. has assured that it does not conduct mass or indiscriminate surveillance of Europeans.”

Here’s the background: The old Safe Harbor agreement (from 2003) was invalidated last October by the European Court of Justice. This was “specifically due to perceived overreach by U.S. law enforcement and intelligence agencies,” says Cooper Levenson attorney Peter Fu, who advises private companies on international data issues. After the decision, the E.U. set about adjusting trade regulations to require greater data privacy guarantees from U.S. companies.

“This will lead to the elimination of the DMCA (1996 Digital Millennium Copyright Act) and CDA (1996 Communications Decency Act) safe harbors enjoyed by U.S. companies providing services to Eurozone customers,” Fu says.


The work of getting an official new Safe Harbor on the books has been under way ever since that announcement. “Things were looking good until yesterday,” Fu says.

The Supreme Court’s rule change will take effect on December 1 unless Congress decides to pass a law countermanding the court’s decision. That could mean seven months of uncertainty for the U.S. Commerce Department and the European Commission. And there’s also the possibility that Congress will decide to hold the issue until the next president is in office.

The Commerce Department could not be reached for comment on Friday.