EU and US reach new data-sharing agreement

February 2, 2016 byPan Pylas And Lorne Cook
EU and US reach new data-sharing agreement
Electronic screens post prices of Alphabet, Twitter and Facebook stock, Monday, Feb. 1, 2016, at the Nasdaq MarketSite in New York. Alphabet, the parent company of Google, reports quarterly earnings Monday. (AP Photo/Mark Lennihan)

The European Union and the United States struck a deal Tuesday over data-sharing that will allow the likes of Facebook and Apple to continue sending people's information across the Atlantic—but a legal challenge to the pact is widely anticipated.

The sides had been trying to forge an agreement since October, when Europe's top court ruled against the previous pact—known as Safe Harbor—amid concerns that Europeans' personal data stored by companies in the U.S. might be exposed to spying by U.S. intelligence agencies.

The new deal, once put in place, potentially brings an end to a period of uncertainty that had raised the prospect of legal challenges by individuals across the 28-country EU worried about privacy.

"Our people can be sure that their personal data is fully protected," said Andrus Ansip, the European Commissioner responsible for the digital single market. "Our businesses, especially the smallest ones, have the legal certainty they need to develop their activities across the Atlantic."

Ansip said the new framework, which will be known as EU-US Privacy Shield, will ensure the "right checks and balances" for European citizens and added that it "offers significant improvements" to the previous deal, which had been struck in the early days of the Internet at the turn of the century.

"This solution is much better than the one we had in the year 2000," he said.

Under the new deal, there will be an annual joint review of the data-sharing pact, with the first expected sometime next year. The U.S. has also promised to appoint a new official—a so-called ombudsman based at the State Department—responsible for following up on complaints upon referral from EU data protection officers.

"It's Safe Harbor with teeth," said Dyann Heward-Mills, Head of Data Protection at London-based legal firm Baker & McKenzie. "I think this is good for business certainty and consumer trust."

In its October decision, the European Court of Justice declared the Safe Harbor pact was invalid because it did not adequately protect consumers when their data was stored in the U.S., in light of the spying revelations made by Edward Snowden, a former contractor at the U.S.'s National Security Agency. Snowden's revelations had prompted the complaint to the court from an Austrian law student, Max Schrems.

The pact, which had been used by around 4,500 companies, had allowed the easy transfer of data from the EU by having U.S. companies promise to provide privacy protections equivalent to those in the EU. The EU court's ruling that the pact was invalid opened up the possibility that data privacy officers across the EU might be inundated by complaints by consumers worried about their privacy.

Vera Jourova, the European Commissioner for Justice, said the deal is a landmark as for the first time ever the U.S. has given the EU "binding assurances" that the access of public authorities for national security purposes "will be subject to clear limitations, safeguards and oversight mechanisms."

Also for the first time, she said EU citizens will benefit from "redress mechanisms" in this area.

"The U.S. has assured that it does not conduct mass or indiscriminate surveillance of Europeans," she said.

Jourova added that she's confident that the new arrangements will withstand any future court challenges as the discussions used the court ruling to help in the "formulation" of the new arrangements.

She estimated it could take up to three months to make the deal binding, while U.S. Secretary of Commerce Penny Pritzker said she expected it to be in effect in a matter of weeks. Pritzker said "it's been a long road but we've turned the corner."

Given the role cross-border data-flows play in a modern economy, the news of the deal was met with relief by many.

"We welcome the agreement, which will provide strong privacy safeguards for consumers and legal certainty for the thousands of companies that depend on trans-Atlantic data flows," said Christian Borggreen, international policy director at the U.S.-based Computer & Communications Industry Association.

Others were a bit more cautious.

The Washington, D.C.-based Center for Democracy & Technology, which did a quick analysis of the announced framework, said in a statement that despite the framework's improvement for EU citizens' data privacy it would likely face trouble in court.

"Absent reform of U.S. surveillance law, it is highly unlikely that the Privacy Shield agreement will be deemed sufficient by the (European) Court of Justice," said Jens-Henrik Jeppesen, the body's director of European affairs.

He called on the U.S. Congress to swiftly move to reform its surveillance law and for EU member states to narrow their own surveillance laws and practices to also be more aligned with international human rights norms.

And Sophie In't Veld, spokesperson for data protection for the ALDE alliance of liberals in the European Parliament, said a legal appraisal of the safeguards offered by the U.S. is needed.

"It is highly doubtful that they offer meaningful protection to European citizens, or if they meet the standards set by the European Court of Justice," she said.

She noted that the assurances seem to rely exclusively on political commitment, instead of legal acts so "any change in the political constellation in the U.S. may undo the whole thing."

Explore further: EU says US data deal 'close' despite missed deadline

Related Stories

EU says US data deal 'close' despite missed deadline

February 1, 2016

The EU's top justice official on Monday said a deal towards sealing a new transatlantic data-sharing pact was close, despite a missed deadline that could mean a crippling blow to American online giants including Facebook ...

US, EU hopeful on Internet data pact but deadline looms

January 26, 2016

US and EU officials expressed hope Monday on sealing a new transatlantic data-sharing pact before a looming deadline expires to avert a potentially crippling impact on American online firms including Facebook and Google.

Europe-US data sharing deal 'invalid'

September 23, 2015

A major data-sharing deal between the EU and US is 'invalid' given the spying revelations in the Edward Snowden scandal, the top EU court's main legal advisor said Wednesday in a case brought against Facebook.

EU, US seek 'quick solutions' to data deal void

October 9, 2015

Brussels and Washington want "quick solutions" to the legal void left by the collapse of a transatlantic data deal on which major companies like Facebook depend, a senior EU official said Friday.

Recommended for you

Microsoft aims at Apple with high-end PCs, 3D software

October 26, 2016

Microsoft launched a new consumer offensive Wednesday, unveiling a high-end computer that challenges the Apple iMac along with an updated Windows operating system that showcases three-dimensional content and "mixed reality."

Making it easier to collaborate on code

October 26, 2016

Git is an open-source system with a polarizing reputation among programmers. It's a powerful tool to help developers track changes to code, but many view it as prohibitively difficult to use.


Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Feb 02, 2016
Somehow I doubt it will do anything to afford real protection to citizens and instead just provide a false sense of security.
5 / 5 (1) Feb 03, 2016
Somehow I doubt it will do anything to afford real protection to citizens and instead just provide a false sense of security.

It says so in the article:

She noted that the assurances seem to rely exclusively on political commitment, instead of legal acts so "any change in the political constellation in the U.S. may undo the whole thing."

The US agencies still have the same access to the data and legal powers over it as before - meaning that they effectively don't have to follow any law. They simply "promise" not to look at your data - those sort of promises are meaningless.

They simply mean they'll have to keep a closer watch over any future whistleblowers who would expose what exactly they've been spying. As long as the EU citizens and officals don't know what's happening, there are no consequences, and even if they do know there's only going to be a bit of grumbling and fist-shaking.

5 / 5 (1) Feb 03, 2016
The deal is a BS smokescreen.
The real bottom line is that EU companies will be allowed to operate in the US without constant harassment if the US companies can keep data where the NSA can poke around in it if they choose to.
What everyone is avoiding saying is who's data it should be (The individual creating it). It should not be a negotiated sandpit for the authorities to play in. It should remain private until unlocked by a court order of the relevant nation state representative of the individual concerned.
Like any extradition protocol this only applies to states that reciprocate fairly.(Which the USA has unfortunately been shown not to do by breeching fair harbour.)

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.