European privacy regulators will meet in Brussels on Feb. 2 to set common guidelines on how U.S. companies legally handle European citizens’ data in the absence of a recently invalidated agreement between the U.S. and European Union, Reuters reported Thursday.
"It is evident that we will sanction any transfers of personal data which are solely based on the old safe harbour decision," said Johannes Caspar, head of Germany’s data protection authority.
Regulators from both sides of the Atlantic are working to create a revised framework. They face a looming deadline from the data protection authorities, which have said they will begin to take enforcement action at the end of this month.
The U.S. has submitted a package of proposals for a new agreement, a person familiar with the matter told Reuters. Both sides have expressed optimism that they will meet the end-of-January deadline.
Meanwhile, the privacy regulators have been analyzing different legal alternatives to Safe Harbor, which allowed U.S. companies to “self-certify” that they met Europe’s stricter privacy standards.
Experts say some data protection authorities are stricter than others, and companies have expressed concerns that the high court’s ruling will create a patchwork of enforcement from country to country.
For example, Germany’s data protection authority announced in October that despite the working group’s assurance, it would be proactively investigating data transfers to the U.S., beginning with Google and Facebook.
Others have expressed concerns that the new agreement will likely be struck down by privacy regulators as summarily as the original pact.
“I think you will almost immediately see European data protection agencies attack the revised agreement,” said Marc Rotenberg, president of the digital rights advocate Electronic Privacy Information Center, at a recent hearing held by two subcommittees of the House Energy and Commerce Committee.