The European Commission signed off on a new data transfer agreement with the US today (2 February) to replace the old Safe Harbour agreement.
EU Justice Commissioner Vera Jourova and Commission Vice President announced the new deal, rebranded as the ‘EU-US privacy shield’, after a cabinet meeting of the EU executive today (2 February) in Strasbourg.
The new agreement comes after months of hurried negotiations between EU and US officials that became urgent after the European Court of Justice (ECJ) ruled the Safe Harbour invalid in October.
At a meeting of the European Parliament’s Civil Liberties, Justice and Home Affairs (LIBE) Committee just yesterday evening (1 February), Jourova said a new agreement hadn’t been sealed yet.
The new arrangement was minted this afternoon. It will go into effect after the deal is formally drafted, which Jourova estimated could take roughly three months.
Jourova and Ansip insisted the agreement will hold up if its challenged again by the ECJ.
Ansip said the agreement is “robust and offers significant improvements compared to the previous scheme”.
The Commission will review the privacy shield annually with the US Department of Commerce, which manages the agreement in the US.
“For the first time ever the US has given the EU binding assurance that the access of public authorities for law enforcement of national security will be subject to clear limitations, safeguards and oversight mechanisms,” Jourova said.
The office of the director of national intelligence in the White House would guarantee those safeguards in writing. Jourova called that a “unique step” by the US to restore trust from the EU, which was in lost in some countries after spying revelations.
“The US has ruled out mass surveillance on the personal data transferred to the US under this new arrangement,” she added.
An ombudsman will be designated to oversee privacy complaints from EU citizens and work out of the US State Department.
In a conference call with journalists shortly after the Commission announcement, US Secretary of Commerce Penny Pritzker confirmed that the Federal Trade Commission, the US federal privacy authority, will work with EU data protection watchdogs to monitor complaints against the new arrangement.
“We’re confident that we’ve met the requirements of the ruling as well as the various issues that have arisen over the past two years,” Pritzker said.
“We’ve structured the negotiations around the case so that we could make sure that we address the various provisions as delineated in the opinion,” she added.
A senior official at the Department of Commerce told reporters “there would be a period of time when companies are going to have a bit of leeway” before they’re required to comply with the terms of the agreement.
The privacy shield will still include an exception for national security — a point negotiators squabbled over. The ECJ verdict blasted the US intelligence agencies for conducting mass surveillance of EU citizens’ data in the US.
The US official said that the ombudsman in the State Department would be “outside of the intelligence community” and that intelligence agencies’ requests to access EU citizens’ data could be disclosed according to US law.
National data protection authorities from EU member states are meeting today and tomorrow to agree on how they’ll handle privacy complaints and data transfer requests under the new agreement with the US.
Jourova said today that she has briefed Isabelle Falque-Pierrotin, president of the group of EU privacy watchdogs, on the new deal.