The US and EU have reached an agreement on a new pact to replace the previous safe harbor, which was made void last year. The new pact, still pending political approval, will be called the ‘EU-US Privacy Shield.’
The agreement was reached late on Tuesday night after four months of intensive talks between the EU and the US department of commerce. Talks had recently intensified after the initial January 31st deadline was passed. However both parties ensured that they were “working day and night, to achieve a deal”.
What was safe harbor?
October 2015 saw the 15 year standing safe harbor agreement between the EU and The US, come to an end. The safe harbor was an agreement between the US and EU that US companies would adhere to EU laws and standards when handling EU citizen’s data. However the recent ECJ court ruling in October 2015, found that US data laws were not to a high enough standard, and therefore transatlantic talks opened over the renegotiation of a new ‘safer harbor’.
Some terms of the new EU-US Privacy Shield:
- The US office for the Director of National Intelligence will give a written commitment that Europeans personal data will not be subject to mass surveillance.
- An ombudsman (independent from the US intelligence services) will be created in the US to handle any data related complaints from EU citizens.
- Companies who fail to adhere to data privacy standards can, “face sanctions and removal”.
- Data privacy watchdogs will work closely with the US to address any problems which arise.
- The EU and the US will do, “an annual joint review which will serve to substantiate the commitments made”.
Positives
Both sides had positive statements following the agreement, with EU commissioner Vera Jourova saying the deal would protect the “fundamental rights” of EU citizens, while the US secretary of commerce Penny Pritzker emphasized the importance the pact would have on international economies, “it will provide certainty that will help grow the digital economy and will be essential to transatlantic commerce”.
This puts to rest the legal uncertainty faced by international tech businesses in the four months it took to reach this agreement. As while the negotiations initially dragged on, it left companies in a litigation limbo, where US firms had to “comply individually with the unique take on data protection law exercised within each country of the EU.” The new pact will therefore dispel any potential disruptions to the international tech market a breakdown in talks could potentially have caused.
Skepticism
However some skeptics see this as a short term solution to allow large businesses to continue operating as before, “providing comfort to global companies so they can continue to do business with Europe”. Thus leaving the average EU citizen in no better position than it was before the initial safe harbor talks reopened.
Chief skeptic and catalyst of the re-opened safe harbor talks Max Schrems had to say on the matter;
“A couple of letters by the outgoing Obama administration is by no means a legal basis to guarantee the fundamental rights of 500 million European users in the long run, when there is explicit US law allowing mass surveillance,"
However EU commissioner for Justice Vera Jourova also commented on the issue;
“The US has given binding assurances that access for law enforcement will be subject to clear limitations, safeguards and oversight . . . We will hold the US accountable to the commitments they have made”
Time will ultimately tell, as although a preliminary agreement has been reached, it appears the issue is still very much an open topic and will remain so for cross Atlantic relations. However it can certainly be viewed as a step in the right direction.
What’s next?
EU commissioners Jourova and Ansip will in the coming weeks, prepare a draft ‘adequacy decision’. In the meantime, the U.S. will make the necessary preparations to put in place the new framework, monitoring mechanisms and new Ombudsman.
The Full press releases from the EU Commission can be found here