EU-U.S. Data Pact Under Threat as Paris Attacks Expose Riftby
Talks on new safe-harbor deal may miss Jan. 31 deadline
EU side hopes to jump-start discussions at Davos, people say
Talks over a key trans-Atlantic data-sharing pact have stalled amid a clash over how to control U.S. security agencies’ access to private information about European Union citizens in the wake of November’s Paris attacks, people familiar with the negotiations say.
The rift may thwart plans to meet a Jan. 31 deadline to reach a deal to replace the so-called Safe Harbor agreement that governs how commercial electronic data is transferred by companies between Europe and America, according to the people, who asked not to be named because the process is private. The EU hopes to jump-start the talks during the World Economic Forum in Davos, Switzerland next week, they said.
“The attacks in Paris have further highlighted the need to strike the correct balance between privacy and security,” said William Long, a privacy specialist and partner at law firm Sidley Austin LLP in London.
The two sides were forced back to the negotiating table after the pact, which dates back to 2000, was struck down in October by EU judges for failing to offer safeguards to EU citizens when U.S.-based companies such as social media giant Facebook Inc. process personal data on customers, from billing information to the content of messages. The EU demanded reassurances about spies’ access to data and a pledge from U.S. authorities to follow up on complaints.
Some U.S. officials hoped the EU would tone down its demands after the tragedyin Paris gave a deadly reminder of what can happen when intelligence fails, the people said. But rather than backtrack, Vera Jourova, the EU’s justice commissioner, has continued to press for better privacy protection -- arguing that the mass data collection revealed by former U.S. security operative Edward Snowden is pointless in the war against terror.
The European Commission said it has stepped up negotiations since the October court ruling and still seeks to meet its self-imposed deadline.
“As intense negotiations are ongoing this is not the time to discuss in any detail where we stand now, but our aim remains to conclude within three months, as we said at the beginning of November,” Christian Wigand, a spokesman for the Brussels-based EU regulator, said in an e-mailed statement.
The U.S. Department of Commerce didn’t immediately respond to requests for comment.
Without a new deal, lawyers say many businesses that previously adhered to a set of principles underpinning the safe-harbor accord risk being plunged into legal limbo. The EU’s privacy watchdogs have already threatened multiple “enforcement actions” if no “appropriate solution” is found by the end of the month.
The so-called Article 29 Working Party, which assembles the privacy commissioners from the 28 EU nations, will meet on Feb. 2 to discuss their position based on an analysis of the situation, said Isabelle Falque-Pierrotin, the head of the group.
“At this stage, we haven’t heard back from the American authorities on the questions we asked them,” said Falque-Pierrotin, who’s also president of the French data privacy regulator CNIL.
Giving EU regulators and data privacy watchdogs greater powers to monitor data access and handle complaints has led to push-back from the U.S., said the people familiar with the negotiations.
“Companies on both sides of the Atlantic have been thrown into this legal uncertainty without their fault and now they are looking to the EU and the U.S. to put an end to this,” said Monika Kuschewsky, a privacy lawyer at Covington & Burling LLP in Brussels. “It’s really an unsustainable situation.”
The EU is scheduled to update representatives from member nations about the talks on Friday, said one person. The main goal is to get a broad agreement as soon as possible and hash out the details later, but this may take longer now, said two of the people.
“This is not something the EU can fix on its own, you need two sides to agree,” said Kuschewsky.