European negotiators want a new U.S.-EU data transfer pact to require U.S. businesses to report intelligence agency requests for information on European citizens, according to EU Justice Commissioner Vera Jourova.
{mosads}“What we wanted was to have a double check from the side of the companies themselves, which should show us at least the number of cases when the data was used or required from the national authorities,” Jourova said in an interview with The Wall Street Journal published Thursday.
Jourova begins meetings in Washington, D.C., today with senior U.S. officials to hammer out a new agreement to replace the so-called Safe Harbor pact, which allowed U.S. companies to legally handle European citizens’ data.
The EU high court struck down the 15-year-old agreement last month over concerns that, because of U.S. surveillance practices, American companies could not be seen as adequately protecting private information.
Negotiators, led by Jourova on the EU side and Department of Commerce Chief Penny Pritzker in the U.S., have agreed to an annual report that will be published each year. They continue to wrangle over how to handle intelligence requests for information, Jourova says.
The U.S. prefers that such disclosures be done on a voluntary basis. Some critics have called the proposed deal one-sided, noting that EU companies handling American data are not required to provide the same information to the United States.
The EU also wants more “qualitative” information included in the report to give European regulators a better idea of why intelligence agencies are requesting the information.
“We will also have a list of criteria on the necessity and proportionality of this access and this is something we would like to have better under control,” Jourova said. She says she will provide the U.S. with a number of options during her visit this week.
She notes that some of this “qualitative” reporting may not be possible under the public report due to national security concerns.
Some U.S. firms already publicly disclose this information. Facebook said yesterday that government requests for data globally jumped 18 percent in the first half of this year — to 41,214 requests from 35,051 requests in the second half of 2014.
Negotiators are on a tight schedule to reach an agreement. Data privacy regulators in the EU have given the two parties three months to come up with an alternative to Safe Harbor before they start taking enforcement action.
The 4,400 U.S. firms that relied on Safe Harbor to handle European data — for everything from hotel bookings to social media — have been left scrambling for alternatives.
Jourova expressed “positive feelings” about the negotiations, noting, “I think things are achievable.”
“We are under huge pressure because we mean it when we say that we need to finalize this within three months,” she said. “I would like to have it earlier for the sake of urgency and necessity to guarantee the legal certainty for the businesses.”