Europe and US close to deal on data transfers
The EU and United States have been racing to replace the previous data transfer framework called Safe Harbour. The European Court of Justice (ECJ) struck it down last year over concerns about US mass surveillance, leaving thousands of companies in legal limbo.
While the new pact would still need political approval the two sides were close to finalising the framework yesterday a day before European data protection authorities end a two-day meeting in Brussels, sources close to the talks said.
The regulators are poised to restrict data transfers because of concerns about US surveillance practices, but have indicated that if a new deal is in place by then it should avoid new legal proceedings against companies.
The new framework will include stronger oversight of companies’ compliance and guarantees from the US that access to data about European citizens will be subject to clear safeguards and limitations, the sources said.
For 15 years, Safe Harbour allowed more than 4,000 companies to avoid cumbersome EU data transfer rules by stating that they complied with EU data protection law.
EU law bars firms from transferring the personal data of EU citizens to countries outside the bloc deemed to have insufficient privacy safeguards — such as the United States.
Cross-border data transfers are used in many industries for sharing employee information, when consumer data is shared to complete credit card, travel or ecommerce transactions, or to target ads based on customer preferences.
A deal would come as a relief for firms on both sides of the Atlantic who face a crackdown from EU privacy regulators on the alternative legal systems used to transfer data, such as binding corporate rules and model clauses.
It would mean companies such as Facebook and Google should no longer face the prospect of having their ability to move user data across the Atlantic curtailed.
To allay Europe’s concerns about mass US surveillance, US secretary of state John Kerry committed to creating a new ombudsman within the American state department to follow up on complaints from EU citizens about US spying, the sources said.
Revelations of mass US surveillance programmes in 2013 prompted the European Commission to demand Safe Harbour be strengthened and led to the court case that sounded the death knell for the framework.
The US office of the director of national intelligence will provide written commitments that personal data transferred under the framework will not be subject to indiscriminate mass surveillance, the sources said.
An annual review by the European Commission and the US department of commerce will ensure the system is working well and US commitments on spying are being protected, they said.
Companies will face sanctions and exclusion from the framework if they fail to comply with privacy rules.
European data protection authorities will work with the US Federal Trade Commission to police the system and respond to complaints from EU citizens about their data being misused.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
