A top European Commission negotiator on the EU-US Safe Harbour agreement said the data sharing deal gives an “incredible privilege to American companies”.
EU and US officials are in talks to draw up a new arrangement that would allow companies to move data from Europe to the US.
In October, the European Court of Justice (ECJ) ruled the 15-year-old agreement invalid on grounds that EU citizens’ privacy was endangered by government surveillance in the United States. More than 4,000 companies had signed onto the deal.
The European Commission is under pressure to produce a deal to replace Safe Harbour. Data protection watchdogs from member states met shortly after the ECJ verdict, and demanded that the Commission present a new arrangement for data transfers to the US by the end of January.
Business groups have met with EU commissioners and called for the Commission to come up with a new agreement fast.
Paul Nemitz, director for fundamental rights at DG Justice and one of the negotiators in the talks over a new deal, said yesterday (19 January) that the agreement is a boon for US companies doing business in Europe. But the US government should reciprocate by meeting EU officials’ demands, he argued.
“We incorporate them in the internal market. We treat them like European companies,” Nemitz said.
“I think we are offering a very fair deal in the Safe Harbour. It’s a special deal we only give to America. We make a special effort. But in return for this privilege, we need a special effort from the United States,” he added.
EU officials have struggled to get American negotiators to agree to stricter controls on law enforcement and security agencies’ access to data.
But Nemitz said the ongoing talks weren’t just stuck on law enforcement agencies.
“It’d be a misunderstanding to say we’re only talking about national security right now,” he said.
EU law prevents data from being transferred to other countries if they’re not determined to be on par with data protection standards in the EU. The European Commission considers personal data protection in the United States to be inadequate.
Officials are meeting to discuss a new agreement this week during the World Economic Forum in Davos, Switzerland.
Nemitz said he hoped the meetings would bring negotiations closer to data protection authorities’ timeline for a deal by the end of January, which he said is “not a formal deadline” but should be “regarded with very high respect”.
In December, Isabelle Falque-Pierrotin, the French data protection supervisor and president of the 28 European authorities, told EURACTIV the group doesn’t demand a final deal by the end of January.
But the privacy watchdogs want to see “some kind of political sign showing that they have understood the main message of the judge”, Falque-Pierrotin said.
Nemitz also said a new deal with the US would not be named Safe Harbour.
Still shaken from the ECJ decision, the Commission is wary of agreeing to a new arrangement that could also be knocked down by the court.
“It would certainly not be good for integration and for the European Commission,” Nemitz said.
Companies and trade associations are putting pressure on the Commission to wrap up talks with the US soon.
Microsoft President and Chief Legal Officer Brad Smith was in Brussels this week, and met with EU Justice Commissioner Vera Jourova, Digital Commissioner Günther Oettinger and Commission Vice President Andrus Ansip.
On Monday (18 January), Smith said during an event at Microsoft’s offices in Brussels that negotiations over a successor to the Safe Harbour agreement are “too important to fail”.
“Even when one doesn’t completely succeed one doesn’t need to accept failure,” Smith said of the looming deadline for officials to strike a deal.
The US-EU Safe Harbour agreement allowed over 4,000 companies to transfer data from the EU to the US--provided the companies guaranteed the data's security abroad. EU law considers data privacy protections to be inadequate in the US. In October 2015, the European Court of Justice (ECJ) ruled Safe Harbour to be invalid on grounds that government surveillance in the US threatens the privacy of EU citizens' data, and that there is no judicial redress for EU citizens whose data is accessed by state surveillance agencies in the US.
Since the ECJ decision, EU and US negotiators have sped up their talks to strike a new data transfer agreement. European data protection authorities from the 28 EU member states met after the ECJ decision, and asked the Commission to come up with a new deal by the end of January 2016. The data protection authorities are tasked with investigating and deciding on privacy complaints in their own member states.
- End of January: Deadline given by European data protection authorities for a new EU-US data transfer agreement.
- 2 February: Data protection authorities hold meeting.