EU wants tougher privacy controls in new Safe Harbor

The European Union wants to place strict limits on the U.S.’s power to request citizens’ personal information from companies in order to reach a new data transfer agreement between the two governments, a top EU official told Reuters.

Negotiators are racing to meet a looming deadline from Europe’s privacy regulators, who have said they will start to take enforcement action at the end of this month if a resolution is not reached.

"We need guarantees that there is effective judicial control of public authorities' access to data for national security, law enforcement and public interest purposes," EU Justice Commissioner Vera Jourova said at a conference in Brussels.

ADVERTISEMENT
At issue is a recently-invalidated agreement known as Safe Harbor, which allowed U.S. firms to handle European citizens’ data by “self-certifying” that they met Europe’s more stringent privacy requirements.

Europe’s high court struck down the agreement last year on the grounds that the U.S. could be seen to adequately protect users’ privacy because of its “indiscriminate” surveillance practices.

The degree of access that U.S. intelligence agencies will maintain has been a sticking point in the negotiation of a new agreement. The EU is pushing for more transparency in what data the U.S. is collecting.

So far, the U.S. has pushed back on requests that companies disclose the number of U.S. government access requests they receive.

One alternative, according to two people familiar with the talks, would be for the U.S. to provide the EU with a tally of how often its authorities access personal data on national security grounds during an annual review of the new framework.

Both sides have expressed optimism that they will meet the end-of-January deadline, although some critics have expressed concerns that the new agreement will likely be struck down by privacy regulators as summarily as the original pact.

“I think you will almost immediately see European data protection agencies attack the revised agreement,” said Marc Rotenberg, president of the digital rights advocate Electronic Privacy Information Center, at a recent hearing held by two subcommittees of the House Energy and Commerce Committee.

Businesses have urged regulations to reach a resolution by the deadline. Over 4,000 firms had relied on Safe Harbor to legally transfer data across the Atlantic.

They hope that a new Safe Harbor will bring the assurances that the tech and business community have been seeking since the original framework was struck down.

“The ruling creates uncertainty for the European and international companies that rely on Safe Harbor for their commercial data transfers, most of which are small and medium-sized enterprises,” said Computer & Communications Industry Association Europe Director Christian Borggreen following the ruling.

"This is an issue that is too important to fail," Brad Smith, Microsoft President and Chief Legal Officer, told Reuters.