EU: Data-sharing talks will continue after controversial ruling

EU: Data-sharing talks will continue after controversial ruling
© Getty Images

European regulators on Tuesday insisted that negotiations with the U.S. government over data-sharing regulations will continue after a European high court’s decision to strike down a crucial information-transfer pact.

The European Court of Justice earlier Tuesday morning struck down the so-called Safe Harbor agreement, which firms use to make transatlantic transfers of personal data legal, immediately invalidating the pact.


U.S. and European Union (EU) negotiators have been involved in several concurrent discussions over data privacy, including work to update Safe Harbor and a pending “umbrella agreement” that would facilitate the exchange of data during criminal and terrorism investigations.

“We will continue our discussions with the United States,” said Vĕra Jourová, the European Commission's commissioner for justice, consumers and gender equality. “Since 2013, we’ve been working with the American authorities to revise the Safe Harbor and we have made important progress that we can now build on in light of the judgment.

“Our aim is to step up discussions with the U.S. [for] a renewed and safe framework for the transfer of personal data across the Atlantic,” Jourová said.

Jourová’s comments echoed reassurances made over the weekend by U.S. Commerce Secretary Penny PritzkerPenny Sue PritzkerThe Hill's Morning Report - Sanders steamrolls to South Carolina primary, Super Tuesday Biden's new campaign ad features Obama speech praising him Obama Commerce secretary backs Biden's 2020 bid MORE.

“Following the court decision, we will continue to work with our partners in Europe to protect privacy while providing certainty for businesses,” Pritzker told The Wall Street Journal in a written statement on Saturday.

The European Commission declined to provide a timeline for the discussions to update Safe Harbor. Negotiations have been stymied by disputes over the scope of exemptions granted to government agencies for national security purposes.

“I won’t be that brave to tell you any concrete date,” Jourová said. “I wanted to finalize the negotiations before summer but I found out we need more time for the national security items. Now I don’t want to make any concrete estimations.”

Technology groups urged negotiators from both sides to come to an agreement swiftly to avoid unnecessary market disruption.

“Policymakers should … finish the process of creating a Safe Harbor 2.0 with terms that give comfort to all parties,” the Information Technology and Innovation Foundation said in a statement. “In particular, the updated agreement should reflect the EU request that a national security exception is used only to the extent that it is strictly necessary and proportionate for a given incident.

“There is a clear need for the U.S. and Europe to set clear, lawful, and proportionate standards and safeguards for conducting surveillance for national security purposes,” said Jens Henrik-Jeppesen, director of European affairs at the Center for Democracy and Technology.

The U.S. has been struggling to rebuild trust after the Snowden leaks revealed the breadth of the National Security Agency’s digital surveillance of U.S. allies.

Public perception of American surveillance practices has been particularly unfavorable in the EU, where the Charter of Fundamental Rights guarantees citizens the protection of their personal data.

The decision has thrust over 4,000 firms that rely on Safe Harbor into regulatory uncertainty. Technology companies and the financial services industry are expected to be the most severely affected by the ruling.

EU commissioners emphasized that transatlantic data flows can continue under a variety of different mechanisms available under EU law, including standardized data protection clauses in contracts between companies exchanging data across the Atlantic.

Critics say each of these alternatives come with their own challenges for companies.

The commissioners also addressed fears that the ruling would lead to a patchwork of different data-privacy enforcement action between member states of the EU.

Jourová acknowledged “the need to avoid fragmentation and ensure a coordinated European approach in the internal market,” indicating that the European Commission will provide guidance to European data-protection authorities from country to country.