EU, US strike deal in principle on new data-sharing pact

The European Union on Monday said it had struck a deal in principle with the United States on a new data-sharing agreement to allow digital information to flow between borders.  

The agreement comes just weeks after the European Court of Justice invalidated a long-standing Safe Harbor data-sharing pact, leaving over 4,000 companies scrambling to find new ways to legally transfer data between the U.S. and EU nations.

“There is agreement on these matters in principle, but we are still discussing how to ensure that these commitments are binding enough to fully meet the requirements of the court,” Justice Commissioner Vera Jourova told European lawmakers.

The two sides are close to concluding talks, Jourova said, adding that an agreement could be finalized in the coming months. 

{mosads}For 15 years, U.S. companies had used Safe Harbor to “self-certify” that they met the more-stringent European privacy protection laws in order to handle EU data.

But the European Court of Justice (ECJ) in early October ruled that Europeans’ data was not adequately protected when transferred to the U.S., citing U.S. government surveillance programs and weak laws governing digital privacy.

After the ruling, negotiators accelerated ongoing talks to update Safe Harbor. The two sides had started discussions after government leaker Edward Snowden revealed the clandestine surveillance programs that worried the ECJ. 

The new Safe Harbor would include greater oversight from the Commerce Department and the Federal Trade Commission, according to Jourova.

“This will transform the system from a purely self-regulating one to an oversight system that is more responsive as well as proactive and back[ed] up by significant enforcement, including sanctions,” she said.

The deal would also establish mechanisms allowing consumers to seek redress for personal data misuse.

An annual review would investigate whether the U.S. government was adhering to limits placed on accessing Europeans’ data.

“This is the biggest challenge in the judgment,” Jourova said, adding that the U.S. should be commended for passing reform measures such as the USA Freedom Act, which ended some of the government’s more controversial surveillance practices. 

A new Safe Harbor would bring assurances that the tech and business community have been seeking since the original framework was struck down.

“The ruling creates uncertainty for the European and international companies that rely on Safe Harbor for their commercial data transfers, most of which are small and medium-sized enterprises,” said Computer & Communications Industry Association Europe Director Christian Borggreen following the ruling.

Lawmakers such as Sen. Ron Wyden (D-Ore.) have criticized the ruling as well and used it to call on Congress to pass stronger data privacy laws.

“They were saying that our privacy policies are not adequate now,” he told reporters last week.