Thanks to revelations about government spying, a revamped version of a 15-year-old agreement governing the exchange of personal data between the EU and the U.S. still seems a long way off, threatening the ability of American companies to do business in Europe.
The EU Safe Harbor framework is a set of standards for protecting the privacy of EU residents when their data is transmitted to the U.S. It contains policy directives that must be taken into account in order for companies like Google, Facebook, Microsoft and thousands of small companies in all sorts of businesses to process EU citizens' data in the U.S.
However, the revelations by Edward Snowden about U.S. National Security Agency spying have shaken European confidence about data exchanges between the EU and the U.S. In November last year, about five months after Snowden's leaks appeared in the press, the European Commission sent a list of 13 demands to the U.S., basically saying: This is what we need you to do to keep the Safe Harbor agreement in place.
It asked the U.S. authorities to identify remedies by this summer. But so far, a deal is not in sight. That, at least, is the story that emerged this week at the Europe Data Protection Congress in Brussels. At the conference, organized by the International Association of Privacy Professionals (IAPP), attendees were given an update on negotiations on the Safe Harbor agreement by EU and U.S. officials.
Last month, U.S. lawmakers were reminded that they need to address European concerns when Andrus Ansip, the new vice president of the European Commission responsible for the Digital Single Market, said that he was willing to suspend the Safe Harbor agreement if that does not happen.
While 11 of the 13 demands have been sorted out, two are still being negotiated, said Ted Dean, deputy assistant secretary at the U.S. Department of Commerce (DOC), during the conference. The two remaining points of discussion involve national security, said Dean, who added that as his department is not the lead agency on this, he could say little on the subject.
However, of the two remaining issues, the most important is a requirement for the U.S. to only use the national security exception in the Safe Harbor agreement "to an extent that is strictly necessary or proportionate," according to Isabelle Falque-Pierrotin, chairwoman of the Article 29 Working Party (WP29), which represents European data protection authorities and advises the European Commission on Safe Harbor issues. Perhaps most importantly, European officials do not want the security exception to be used for mass surveillance of European citizens.
Aside from the ongoing slog of negotiations, U.S. and EU officials agreed that the Safe Harbor agreement is one of the most important legal-policy compliance tools between the two continents.