EU seeks to expand privacy powers in data-sharing talks

Getty Images

The European Union is pushing to give its national privacy regulators more power under a new U.S.-EU data transfer agreement currently under negotiations, according to Reuters.

Negotiators have been wrangling over a so-called “Safe Harbor 2.0” agreement after the EU high court in October struck down the original pact, which allowed data transfers from Europe to the United States.

The original Safe Harbor, agreed to in 2000, was used by over 4,000 companies to make legal data transfers in a multitude of industries, from hospitality to social media. Europe’s data protection authorities have given negotiators until January to create a new framework before they will begin to take enforcement action against firms.

The European Commission, which is leading the talks on the EU side, wants privacy watchdogs to have more legal avenues to challenge firms' handling of data, Reuters reports.

Negotiators — led by the Commerce Department in the U.S. — are trying to address the high court’s concerns that because of U.S. surveillance practices, the original agreement did not adequately protect Europeans’ privacy rights.

The EU is particularly concerned that its citizens cannot challenge misuse of their data in the courts. One option being considered is to allow Europeans to complain directly to national authorities on data protection.

Although U.S. companies handling sensitive human resources data agreed under the original agreement to cooperate with the privacy watchdogs in the event of a complaint, negotiators have yet to agree to broaden the provision in Safe Harbor 2.0.

One sticking point is how the European watchdogs would interact with the Federal Trade Commission (FTC) in the U.S. to avoid giving the EU extraterritorial powers.

The FTC monitored U.S. companies’ compliance with the original Safe Harbor agreement, but did not address complaints from individuals.

The EU has already said that providing European citizens with judicial redress in U.S. courts is a prerequisite for a new “umbrella agreement” that would allow the two sides to exchange more data during criminal and terrorism investigations.

That deal, many years in the works, was inked in September.

Legislation offering EU citizens the right to seek legal redress for privacy violations has already been introduced by Sen. Chris MurphyChris MurphyObama takes aim at workers’ non-compete agreements Intelligence director: Withholding classified briefings from Trump, Clinton ‘not an option’ Podesta floated Bill Gates, Bloomberg as possible Clinton VPs MORE (D-Conn.) and co-sponsored by Sen. Orrin HatchOrrin HatchOvernight Healthcare: How GOP could help fix ObamaCare | Cures bill in jeopardy | Senators unveil Medicare reforms Senators unveil bipartisan Medicare reforms The holy grail of tax policy MORE (R-Utah).

The so-called Judicial Redress Act would allow the attorney general to work with other agencies to designate certain countries whose citizens would have the right to enforce their data protection rights in U.S. courts.

Observers say there is limited opposition to the bill.