Leaks show regulators won't approve US-EU data-share deal: report

Leaks show regulators won't approve US-EU data-share deal: report
© Getty Images

Leaks from an upcoming assessment of the replacement Safe Harbor deal between the United States and European Union indicated that key European regulators are likely to reject the agreement in its current form, Ars Technica reported Friday.

The so-called Privacy Shield is intended to keep commercial data flowing legally across the Atlantic, but it has faced continuous criticism from privacy advocates on both sides.

ADVERTISEMENT

According to the leaked assessment, a working group of Europe’s data protection authorities is "not yet in a position to confirm that the current draft adequacy decision does, indeed, ensure a level of protection [in the U.S.] that is essentially equivalent to that in the EU."

In other words, the Article 29 Working Party does not appear satisfied that the new deal protects EU citizens’ privacy well enough to be viable.

Although the group’s support is not a prerequisite to the deal’s ultimate approval by the EU Commission and the U.S. — where negotiations were led by the Department of Commerce — it would be a blow to the fragile agreement.

The chairwoman of the working party, Isabelle Falque-Pierrotin, earlier this week refused to publicly tip her hand on how the group might finally come down when it issues its opinion next week.

“The discussions are not over yet,” Falque-Pierrotin told reporters Tuesday. “We have expressed our points of possible concerns. We still are discussing with the American public authorities on these points. Then we’ll see what we’ll be able to say next week.”

Falque-Pierrotin has previously expressed concerns with the scope of U.S. surveillance permitted under the new agreement.

Critics have long warned that unless the U.S. overhauls its privacy and national security laws, there is no legal framework that can stand up in European courts, where privacy is considered a fundamental right under the EU Charter.

In announcing the deal, Commission officials insisted that the U.S. had provided “detailed written assurances” that surveillance of Europeans’ data by intelligence agencies would be subject to appropriate limitations.

“The U.S. has clarified that they do not carry out indiscriminate surveillance of Europeans,” Andrus Ansip, vice president for the digital single market on the European Commission, said when the deal was announced.

Onlookers believe that the working group’s approval will hinge on whether it is satisfied by the U.S.’s assurances.

“A lot of this is going to come down to whether the data protection authorities are persuaded by the U.S.’s portrayal of the cumulative protections given to European citizens and the cumulative carving back on the NSA surveillance programs,” Susan Foster, a privacy attorney at Mintz Levin who works in both the EU and the U.S., told The Hill when the deal was announced.

If the European working group is not satisfied with the assurances from the Commerce Department, the consequences could be dire. Businesses fear a chilling of transatlantic trade, valued at $1 trillion in 2014.

The most likely outcome, experts say, would be a patchwork of country-to-country regulations that would make it extremely expensive for companies to comply.

Privacy officials noted Tuesday that even if the working party does approve the Privacy Shield, the pact must still clear other hurdles before it can be finalized by the two governments, including a resolution in European Parliament.

And even if the deal is finalized, the European high court will likely still weigh in on its validity. The Privacy Shield’s predecessor, the 15-year-old Safe Harbor framework, was struck down when the court deemed that the U.S. could not be seen to adequately protect EU citizens’ privacy because of its surveillance practices.

“That’s a decision that remains with the Court of Justice,” Jacob Kohnstamm, chairman of the Dutch Data Protection Authority, said Tuesday.