European and U.S. officials are rushing to finalize a key data transfer pact days before a meeting of EU regulators who are poised to start restricting transatlantic flows of personal data used by firms in the billion dollar online advertising industry.

A new deal is crucial for the many thousands of businesses that until late last year relied on “Safe Harbour”, a framework which protected Europeans’ data moving to the United States, when it was struck down by an EU court over concerns about U.S. Internet surveillance.

European Union data protection law says companies cannot transfer EU citizens’ personal data to countries outside the bloc deemed to have insufficient privacy safeguards — like the United States.

Revelations of mass U.S. surveillance programs in 2013 prompted the European Commission to demand that Safe Harbour, which helped over 4,000 companies avoid cumbersome EU data transferral rules, be strengthened.

Since the Oct. 6 ruling companies have been in legal limbo. While they can set up alternative legal structures to transfer data to the United States, these have been called into question by the EU’s data protection regulators.

The regulators meet in Brussels on Feb. 2-3 to decide whether they should restrict the use of alternative measures as well, such as binding corporate rules and model clauses between companies, causing particular panic in the technology world where companies such as Facebook and Google rely on moving and analyzing reams of users’ data to sell targeted advertising.

“I do think that we can reach an agreement before February 2,” said Robert Litt, general counsel for the U.S. Director of National Intelligence at a briefing with reporters on Friday.

U.S. officials met a group of EU data protection authorities on Tuesday to discuss the future of Safe Harbour, said a spokeswoman for the French regulator, which chairs the group.

One person familiar with the matter said U.S. ideas for improving oversight of the new data transfer framework – such as creating an “ombudsman” – could change the authorities’ view of U.S. rules governing its surveillance practices.

However, the two sides are still at odds over the powers of the new office, whose role would be to respond to complaints from EU citizens and data protection authorities over U.S. surveillance practices.

The European Commission is pushing for the ombudsman to have the authority to make findings about U.S. surveillance as opposed to just fielding complaints, according to one person familiar with the talks.

Another issue is agreeing on the role European data protection authorities should play in ensuring companies abide by the privacy principles in the new data transfer agreement.

The U.S. Federal Trade Commission, responsible for enforcing privacy laws in the United States, does not have to take up each individual complaint, something that is required by the European Court of Justice in its Oct. 6 ruling.

“Ultimately the DPAs are going to have to be involved,” said Julie Brill, U.S. Federal Trade Commissioner, at a conference in Brussels on Thursday.

Negotiators are hoping to reach a deal by Monday, when the European Commission will inform the European Parliament and member states.

That will enable the Commission to present the new framework to EU data protection regulators at the meeting on Tuesday, said Paul Nemitz, European Commission Director for Fundamental Rights.

(Writing by Julia Fioretti, editing by David Evans)

This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.

Related Posts

Facebook Comments

Return to Top ▲Return to Top ▲