Phil Lee writes that the collapse of Safe Harbor leads to a crisis in restoring trust that might be addressed, in part, by U.S. businesses making an anti-surveillance pledge. He writes, in part:
What does an anti-surveillance pledge look like? It takes the form of a short statement, perhaps no more than two or three paragraphs in length, under which the business would pledge never knowingly to disclose individuals’ data to government or law enforcement authorities unless either (1) legally compelled to do so (for example, by way of a warrant or court order), or (2) there is a risk of serious and imminent harm were disclosure to be withheld (for example, imminent terrorist threat). The pledge would be signed by senior management of the business, and made publicly-available as an externally-facing commitment to resist unlawful government-led surveillance activities – for example, by posting on a website or incorporation within an accessible privacy policy.
Will taking a pledge like this solve the EU-US data export crisis? No. Will it prevent government surveillance activities occurring upstream on Internet and telecoms pipes over which the business has no control? No. But will it demonstrate a commitment to the world that the business takes its data subjects’ privacy concerns seriously and that it will do what is within its power to do to prevent unlawful surveillance – absolutely: it’s a big step towards accountably showing “adequate” handling of data.
Read more on FieldFisher Privacy and Information Law Blog.