U.S., EU reach breakthrough on new 'Safe Harbor' data transfer agreement - report [u]

in General Discussion edited February 2016
Having already missed the original Sunday deadline, U.S. and European officials are reportedly on the verge of cinching a new "Safe Harbor" deal on transferring data across the Atlantic. [Updated]

The new framework still requires political approval but should be finalized later on Tuesday, two sources close to the talks told Reuters. The exact details of the arrangement weren't mentioned.

The original Safe Harbor pact was in place for some 15 years, and made it possible for American tech companies to do business in Europe without worrying about the flow of data back and forth. In October, however, the European Court of Justice ruled the pact invalid, concerned about intrusion by U.S. intelligence agencies. The court referred to revelations by former National Security Agency contractor Edward Snowden, who exposed overreaches by the organization including mass surveillance -- often with the cooperation of business -- and even the tapping of German Chancellor Angela Merkel's own cellphone.

Negotiators are believed to have been in a rush to complete a new deal, since European privacy agencies are set to publish their own judgment on Wednesday, and some of had been threatening legal action without a framework.

A new pact should mean that companies like Apple and Facebook will be able to continue operating in Europe without having to limit how data is handled. Rumors have suggested that U.S. officials are offering concessions like a data ombudsman at the State Department, more oversight of intelligence agencies' access to European data, and the right for Europeans to press legal actions against American companies misusing their information.

Update: An agreement was later confirmed by European Commission spokesman Christian Wigand. Reuters sources said that the U.S. will indeed appoint a new ombudsman within the State Department, and that other oversight measures will include an annual review by the European Commission and the U.S Department of Commerce, as well as cooperation between European privacy agencies and the U.S Federal Trade Commission. The latter two groups will help monitor the system and respond to complaints by European citizens.

The U.S. Office of the Director of National Intelligence is reportedly providing written commitments that data transfers won't be subject to indiscriminate mass surveillance.

Businesses, meanwhile, will potentially face sanctions and/or exclusion from the new pact if they fail to follow rules.


  • Reply 1 of 4
    Any protections for US data in Europe?
  • Reply 2 of 4
    If you are really interested : http://ec.europa.eu/justice/data-protection/ There is a link to the Directive that is available in 21 Languages. The Directive has to be implemented into the Law of each Member State. Since this was Passed in 1995 it should be Implemented in all of Europe.
  • Reply 3 of 4
    cnocbuicnocbui Posts: 3,613member
    "The U.S. Office of the Director of National Intelligence is reportedly providing written commitments that data transfers won't be subject to indiscriminate mass surveillance."

    That just means they have crossed their fingers behind their back with the unspoken intention of having discriminate mass surveillance.  The other enormous elephant in the room that should have been addressed is the US courts.  Had I been involved in those negotiations there would have been a demand for a guarantee of no access to to the information by any US government agency without going through an EU liaison first and I would have made the US agree to pass  laws to the effect that the data was to be completely beyond the jurisdiction of US courts.
  • Reply 4 of 4
    williamhwilliamh Posts: 1,005member
    spacekid said:
    Any protections for US data in Europe?
    In Europe, your data is protected by EU data protection laws.  The issue is that the US has sector-specific privacy / data protection laws while the EU has broad and all-encompassing data protection laws.  In order for a European company to allow a US company to take European privacy data (PII - personally identifiable information) out of Europe, they have to agree to handle the information according to European privacy principles, the "safe harbor agreements."  
Sign In or Register to comment.