|
 European data protection authorities will gather in Brussels on Feb.
2 to find a common position on which legal channels companies can
use to shuffle personal data across the Atlantic after the simplest
system, known as Safe Harbour, was quashed by the top EU court due
to concerns about U.S. snooping.
The 15-year-old Safe Harbour framework used by over 4,000 firms to
transfer Europeans' data to the United States was declared invalid
by the European Court of Justice (ECJ) on Oct. 6 because the court
found U.S. national security requirements trumped privacy
safeguards. This meant that the data were not adequately protected.
Under EU data protection law, companies cannot transfer EU citizens'
personal data to countries outside the EU deemed to have
insufficient privacy safeguards, of which the United States is one.
Revelations of mass U.S. surveillance programs where American
authorities collected private information directly from big tech
firms like Apple, Facebook and Google riled Europe two years ago,
and set the stage for the ECJ ruling.
As Washington and Brussels stepped up discussions on a new pact, EU
data protection authorities gave businesses a three-month grace
period in which they could set up alternative legal systems to
transfer data across the Atlantic.
These would cover binding corporate rules within multinationals,
model clauses between companies or requests to people for their
consent.
EU data protection authorities also urged the United States and EU
to agree a new data transfer framework in the same period, failing
which they could start taking enforcement action against companies
if they decided that alternatives such as model clauses offered no
greater protection against U.S. snooping than the old Safe Harbour
did.
The United States submitted a package of proposals on a new Safe
Harbour deal this week. These included a letter from U.S. Secretary
of Commerce Penny Pritzker explaining U.S. commitments on the
oversight of a possible new framework by both the Department of
Commerce and the U.S. Federal Trade Commission, according to a
person familiar with the discussions.
[to top of second column] |
If acceptable to the EU, a new framework could be submitted for
approval by all 28 EU commissioners on Feb. 2 to coincide with the
regulators' meeting, the person said. However, further details may
need to be ironed out after that.
EU regulators have been analyzing the legality of transfer
mechanisms such as binding corporate rules and should reach a common
position on Feb. 2, said a spokeswoman for the French data
protection authority, which will chair the meeting.
"It is evident that we will sanction any transfers of personal data
which are solely based on the old Safe Harbour decision," said
Johannes Caspar, head of the Hamburg data protection authority in
Germany which polices Google and Facebook.
He said a new Safe Harbour framework would have to include a number
of legal safeguards such as an effective judicial review and
independent oversight.
(Reporting by Julia Fioretti; Editing by Mark Heinrich)
[© 2016 Thomson Reuters. All rights
reserved.] Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
