A last minute agreement on EU-US ‘Safe Harbour’ transatlantic data transfers has been announced, in a move that could save business millions in extra fees for privacy protection… but many critics are wary of the privacy implications for citizens.
The two sides have been working on the deal since last October, when the European Union’s top court struck down the 15-year-old ‘safe harbour’ pact between the US and EU letting US companies import the personal data of Europeans.
Businesses warn that a lack of a deal could stall vital data flows in everything from banking to e-commerce.
The EU’s privacy laws are amongst the toughest in the world, and companies are not permitted to send personal data elsewhere.
The EU is also a vast single market, and so highly attractive to non-EU companies. Safe Harbour was the system agreed between the EU and USA that permitted US companies to obtain accreditation that guaranteed data protection equivalent to that found in the European Union.
In the wake of the Edward Snowden disclosures that US authorities accessed data on Europeans when it was held in the US, the European Court of Justice (ECJ) decision made this system invalid, so a new set of rules was needed.
As a result, a last gasp deal was reached this week on US-EU transatlantic data sharing, with European Commission vice president Andrus Ansip announcing that a framework agreement is now in place, “that will ensure the right checks and balances for our citizens”.
Now US authorities have pledged that the US will avoid “indiscriminate mass surveillance” of EU citizens.
Under the new scheme, a US ombudsman will follow up on complaints from EU citizens made via European data protection agencies (DPAs). Civil Liberties Committee chair Claude Moraes (S&D, UK) promised that the European Parliament will play the role of watchdog for citizens over any new Safe Harbour agreement.
Tomorrow (Wednesday 3 February) DPAs across the EU will say what they think about the new agreement; they are now empowered to investigate agreements previously made by the European Commission. A draft agreement will then be drawn up in the next few weeks, according to Brussels’ justice commissioner, Věra Jourová, to be called The EU-US Privacy Shield.
For now though, the approximately 4,000 companies affected are expected to be relieved that a deal has been struck.
The remaining stumbling block concerns transparency and oversight of data transfers and privacy protections. EU officials say the US has not yet provided enough information on the way it collects data for intelligence purposes.
Robert Litt, counsel for the US Office of the Director of National Intelligence, insisted on Friday that Washington had explained “in great detail” the legal framework concerning the national security services, including oversight.