In the wake of revelations regarding U.S. intelligence programs, the European Union is calling for a revised U.S.-EU Safe Harbor Framework that could increase the compliance burden for IAB members.
According to European data protection law, companies are not allowed to transfer consumer data outside of the EU unless there is a guarantee that the data will receive an “adequate” level of protection, as determined by the European Commission. In 2000, the EU found the Safe Harbor Framework proposed by the U.S., a voluntary self-certification program that requires participants to publicly adhere to principles such as notice, choice, access, and enforcement, satisfied the “adequacy” requirement of European law.
Since then, the Safe Harbor Framework has provided more than 3,000 businesses, including a significant share from the digital advertising industry, a means to transfer data across the Atlantic in a streamlined and cost-effective manner that ensures consumer protection. The Framework accomplishes this by offering U.S. companies an efficient compliance process, and European companies and consumers an easily accessible list of compliant participants.
This Framework has been a major success for businesses of all sizes and types, and has allowed for borderless innovation and job creation. Today, the combined U.S./EU digital advertising marketplace represents $92 billion in annual revenue, nearly 70% of the global industry. In the U.S. more than 300 Safe Harbor certified companies use the Framework to conduct advertising services. From a recent poll of IAB member companies, an even higher percentage of our members participate in the program, thereby allowing them to efficiently build an international digital supply chain.
Despite its many successes, critics of the program argue that recent revelations of the scale of U.S. surveillance activities necessitate a strengthened Framework. In response, last November the European Commission proposed 13 recommendations
to “restore trust in data flows between the EU and the U.S.”
The stated goals of the EU’s recommendations are to increase transparency, create a more active enforcement and auditing process, limit the scope of U.S. authorities’ access to EU data, and improve dispute resolution processes. Several of these recommendations reinforce the original Framework without creating unnecessary burden on businesses. Other recommendations, such as requiring companies to publish the privacy provisions of their contracts with subcontractors and notify the U.S. Department of Commerce of onward transfers of personal data under the Safe Harbor Framework, are not workable for industry and provide no additional protections for consumers.
The IAB Public Policy Office is working to ensure that the updated Framework takes into account the digital advertising industry’s perspectives. Our industry represents a significant share of the U.S. and EU economies, allowing us to provide meaningful insights into the impact changes to the Framework will have on digital advertising and the economy at large. We are also coordinating our research and messaging internationally through the IAB global network of 26 European-based IABs to more fully capture the impact any changes to the Safe Harbor Framework will have on the transatlantic trading relationship and the international business community. Our advocacy is taking place on both sides of the Atlantic, which is the only way we can effectively negotiate an acceptable solution.
The U.S. and EU negotiators have expressed interest in finding solutions to the EU’s recommendations by this summer. As negotiations progress we will continue to push for a workable Framework that allows for the free flow of data between the World’s two largest digital marketplaces. For more information please contact Alex Propes at [email protected]
About the Author
Alex Propes is Senior Manager, Public Policy, at the IAB.