EU and US strike new privacy deal following demise of Safe Harbour

Andrus Ansip

The EU and US have reached an agreement on a new scheme to allow companies to move personal data across the Atlantic following months of negotiations.

Officials agreed a framework for a new deal to replace “Safe Harbour”, the system that was ruled illegal by the European Court of Justice last year following a case brought by an Austrian law student.

America has made assurances that the new scheme – “Privacy Shield” – will safeguard Europeans’ data according to the European Commission.

The US has agreed not to undertake “indiscriminate mass surveillance on personal data”, and will be required to protect Europeans’ data.

Commission vice-president Andrus Ansip said: “We have agreed on a new strong framework on data flows with the US. Our people can be sure that their personal data is fully protected. Our businesses, especially the smallest ones, have the legal certainty they need to develop their activities across the Atlantic.

“We have a duty to check and we will closely monitor the new arrangement to make sure it keeps delivering. Today’s decision helps us build a Digital Single Market in the EU, a trusted and dynamic online environment; it further strengthens our close partnership with the US. We will work now to put it in place as soon as possible.”

Vera Jourova, the European justice commissioner added: “For the first time ever, the United States has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms.”

Industry group Digital Europe said: “We believe that this new framework agreement will re-establish a sustainable path for data transfers between the EU and US.”

Commenting on the Privacy Shield, Mishcon de Reya partner Adam Rose said: “Whilst the president of the European Council is seemingly promising the UK a sort of veto over EU laws generally, each of the 28 member states’ data protection authorities are nonetheless being asked if they will veto proposals agreed between the EU’s justice committee and the US Department of Commerce allowing personal data collected in the EU to be held by organisations in the US. The big question here is whether any country’s data protection authority will attack the new proposed scheme.

“Most commentators have noted that the Privacy Shield doesn’t actually appear to address the fundamental issues that caused the death of the Safe Harbour programme, namely, that US authorities were able to ‘snoop’ on data with little, if any, control.”

He added: “The proposed Privacy Shield relies on a US assurance that there will be limitations, safeguards and oversight of any future such access for law enforcement and national security bodies, although given the past record, that might not satisfy everyone. However, the fact remains that unless something is put in place, businesses around Europe will find that the way they do business will be affected.

“In a data-driven world, balancing the rights of citizens and consumers opposite the needs of businesses is not easy – the Privacy Shield programme is almost certainly not the perfect answer, but will any data authority be willing to put its head above the parapet?”

 

Share icon
Share this article: