January

The EU Commission has reviewed the working of the U.S. Safe Harbor programme on transfers of personal data from the European Economic Area to the U.S., and says that it will wait until summer 2014 to see whether it will suspend, modify or even revoke its Safe Harbor decision based on the progress that the U.S. has made by then. Data Protection Authorities in the EU as well as the Commission have had concerns over the scheme due to lack of enforcement, general formulation of the principles and the high reliance on self-certification. Since 2009, the U.S. Federal Trade Commission has brought 10 enforcement actions against companies based on Safe Harbor violations. Most worryingly, there have been false claims of Safe Harbor adherence. The Commission says that about 10% of companies claiming membership in the Safe Harbor are not listed by the U.S. Department of Commerce as current members of the scheme. The Department of Commerce says that it has now started to contact Safe Harbor participants one month prior to their certification renewal date to alert them. It has also made it mandatory for Safe Harbor participants to make their privacy policy readily available on their public website.Self-certified companies should publish privacy conditions of any contracts they conclude with subcontractors and any false claims should continue to be investigated.

"The keynote stage at the IAPP Data Protection Congress in Brussels became a diplomatic back and forth as Constantijn van Oranje-Nassau, the Head of Cabinet of Vice-President of the European Commission Commissioner for the Digital Agenda Neelie Kroes, first delivered the European Commission 's view of data protection and then was followed by an address from U.S. Federal Trade Commissioner Julie Brill. Both emphasized the need to encourage innovation and the threats to privacy posed by new Big Data business models. Both expressed hopefulness and optimism that the U.S. and the EU would find a way to work together on data transfer regulations. Reading between the lines, it was easy to see a desire from both parties to preserve data transfer mechanisms like Safe Harbor in order to set up a good old-fashioned battle between their respective industries looking to turn a profit in the online space. ""We need to insure that new technologies address privacy, though, without the law being a straightjacket, said Oranje-Nassau. ""Mastering Big Data means mastering privacy."" Brill 's speech echoed the commission 's language as she discussed the future of the U.S.-EU transatlantic relationship. ""As we contemplate the course, we have to decide whether we, regulators and industry, will be able to work together to both protect consumer privacy and spur innovation."""

The steady stream of media reports on the privacy differences between the EU and the U.S. would have you believe that cross-border data sharing is nothing but storm clouds over the Atlantic. However, the forecast for the Pacific appears to be fair weather and blue skies, and the data protection authorities (DPAs) in Brussels are taking note. As global data flows are accelerating, data privacy laws around the world are proliferating. For example, of the 21 economies that comprise the Asia-Pacific Economic Cooperation forum (APEC), nearly a dozen have introduced or updated laws that protect personal information privacy since 2010. APEC represents 40% of the world 's population, 54% of the world 's GDP and 40% of world trade�and growing fast. In the last 10 years, APEC has established a regional privacy framework that maximizes privacy protection while facilitating cross-border information flows. APEC uses the Cross-Border Privacy Rules (CBPR) system, a set of enforceable rules developed by an organization based on APEC Privacy Principles. While APEC has the CBPR system, the EU has been experiencing an increase in the use of Binding Corporate Rules (BCRs). The synergies of the CBPR-BCR systems have the potential to become the brightest spot on the horizon for finding interoperability among two enormous economic regions. From a business standpoint, compatibility between CBPR and BCR could offer an effective approach to developing a solution to sharing cross-border data sharing globally.