Justice Commissioner Vera Jourova told MEPs yesterday (1 February) that one day past the deadline given by EU privacy watchdogs, the European Commission still hasn’t struck a new Safe Harbour data sharing agreement with the US.
Data protection authorities gave the Commission until the end of January to fix a new arrangement to replace the Safe Harbour deal knocked down in October by the European Court of Justice (ECJ). But the Commission is still scrambling to agree on details with the US.
EU officials are trying to strike a deal that will restore commercial data flows between the US and Europe–and hold up in court if it’s challenged again. Over 4,000 companies signed on to use the new defunct Safe Harbour agreement.
“We need an arrangement that is fundamentally different from the old Safe Harbour,” Jourova said during a meeting of the European Parliament’s Civil Liberties, Justice and Home Affairs (LIBE) Committee yesterday evening.
Jourova told MEPs she would speak to US Secretary of Commerce Penny Pritzker on the phone after the committee meeting.
Over the last few weeks, EU and US officials have been holding increasingly frequent talks over a new deal.
The negotiations have come under pressure from Europe’s powerful national data protection authorities.
Privacy watchdogs from EU member states will meet over the next two days to thrash out their strategy on how to deal with privacy complaints. Companies that transfer large amounts of data from Europe to the US worry that national authorities might take a radical position and restrict transfers if the Commission doesn’t reach a new agreement.
Talks between US and EU officials have faltered over US intelligence agencies’ access to personal data. The ECJ verdict that ruled Safe Harbour invalid blasted mass surveillance in the US as a violation of EU citizens’ fundamental rights.
“I will not hide that these talks have not been easy,” Jourova told MEPs.
Jourova told MEPs yesterday that under a new deal, American access to EU citizens’ data would have to be “limited to what is necessary and proportionate”. Mass surveillance would violate the agreement, Jourova said.
German MEP Birgit Sippel (S&D) questioned those terms. “Access to what’s necessary? I’d be interested to hear who it will be necessary for. For industry? For national governments? For intelligence services?” Sippel asked.
Under the conditions outlined by Jourova, the US security services could still access EU citizens’ data through indiscriminate surveillance if “tailored and targeted access is not technically possible” or authorities detect a “dangerous trend that requires more than targeted access”.
Jourova also emphasised that the new agreement will designate an independent ombudsman in the US federal government who will scrutinise Europeans’ data privacy complaints.
MEPs countered that a new agreement might not even hold US authorities legally accountable if it isn’t joined by a US law guaranteeing increased data protection.
Jourova vowed that for a deal to go through, “we need signatures at the highest possible political level”. Those signatures from top US officials “will be taken by our side as legally binding,” she said.
But some MEPs argued that signatures alone would be too flimsy.
“A year from now there will be a different administration. What will the written assurances be worth if the next administration will be the Trump administration or the Sanders administration?” Dutch MEP Sophie in ‘t Veld (ALDE) asked.
A new data transfer agreement with the US will include a suspension clause, which, according to Jourova, can be drawn on if US officials don’t hold up their end of the deal.
“We don’t have any other choice but to expect continuity. If not, then we will have to suspend the new system,” she said.
Jourova will brief the cabinet of EU commissioners on the state of negotiations in a meeting today. National data protection authorities are expected to announce their position on the pending data transfer deal tomorrow (3 February).