EU regulators may ask for 2018 review of data transfer deal

EU regulators may ask for 2018 review of data transfer deal
© Getty Images

Europe’s data privacy watchdogs could ask for a review of a pending transatlantic data transfer deal in two years, sources with knowledge of the matter told Reuters.


A working group of Europe's 28 data privacy authorities is expected this week to issue an opinion on the pact, intended to allow U.S. companies to legally handle European citizens’ data.

The group is assessing whether or not the so-called Privacy Shield adequately protects European Union citizens’ privacy under the bloc’s more stringent standards, with leaks suggesting it may reject the agreement in its current form.

The regulators may ask for another review of the framework in 2018, when a stricter EU data protection law comes into force, the sources said.

The review would be separate from an annual review process already included in the current framework language.

Although the group’s support is not a prerequisite to the deal’s ultimate approval by the European Commission and the U.S. — where the Commerce Department led negotiations — it would be a blow to the fragile agreement.

According to a draft assessment leaked last week, the working group is "not yet in a position to confirm that the current draft adequacy decision does, indeed, ensure a level of protection [in the U.S.] that is essentially equivalent to that in the EU."

In other words, the regulators are not satisfied the new deal protects EU citizens’ privacy well enough.

The group’s approval may hinge on whether it is satisfied by the U.S.’s assurances that the deal’s exception for national security purposes does not permit mass surveillance.

If the European working group is not satisfied with the explanations from the Commerce Department, the consequences could be economically dire. Businesses fear a chilling of transatlantic trade, valued at $1 trillion in 2014.

If the working party does approve Privacy Shield, the pact must still clear other hurdles before it can be finalized by the two governments, including a resolution by the European Parliament.

And even if the deal is finalized, the European high court will likely still weigh in on its validity. Privacy Shield’s predecessor, the 15-year-old Safe Harbor framework, was struck down when the court deemed that the U.S. could not be trusted to adequately protect EU citizens’ privacy because of its surveillance practices.