European Union privacy regulators are considering freezing any U.S.-EU data transfers under existing laws, putting more pressure on negotiators to reach a deal on transatlantic data transfers, Reuters reports.
The ruling left the 4,400 companies — from travel firms to social media — that relied on Safe Harbor to handle European citizens’ data scrambling for legal alternatives that many say are cumbersome and expensive.
Two of the most likely options, having companies set up corporate rules or contractual clauses that specify how to handle the data, are now in jeopardy. Even those firms that already have those legal mechanisms approved by regulators could be affected by a privacy complaint, sources said.
Not all of the data protection authorities are in favor of restricting transfers.
Since the decision, critics have warned that some data protection authorities are stricter than others and that the high court’s ruling could create a patchwork of enforcement from country to country.
Germany’s data protection authority announced in October that despite the working group’s assurance, it would be proactively investigating data transfers to the U.S., beginning with Google and Facebook.
A spokeswoman for the French data protection authority, which leads the working group of regulators, told Reuters that a final decision will not be made until Feb. 2.
U.S. and EU negotiators have a Jan. 31 deadline to strike a deal on a strengthened Safe Harbor framework that addressed some of the snooping concerns.
Although officials insist they are close on a deal, nothing has been finalized yet.
If negotiators do manage to reach a deal by the deadline, a source told Reuters, it could impact the privacy regulators’ final decision.
"That will change the whole game," one of the sources said, "and could stop the data protection authorities from taking action."
Some have expressed concerns that the new agreement will likely be struck down by privacy regulators as summarily as the original pact.
“I think you will almost immediately see European data protection agencies attack the revised agreement,” said Marc Rotenberg, president of the digital rights advocate Electronic Privacy Information Center, at a recent hearing held by two subcommittees of the House Energy and Commerce Committee.