EU-U.S. Data Transfers Threatened Amid Race for Safe-Harbor Dealby
National watchdogs weigh next steps on EU-U.S. data transfers
EU, U.S. seeking to clinch deal to replace banned agreement
U.S. and European Union officials raced to get a new deal on data transfers by Tuesday as regulators threatened to impose tight restrictions on how technology giants and thousands of multinational companies move information across the Atlantic.
Even as negotiators work around the clock to clinch a new pact national privacy watchdogs are poised to examine the legality of hundreds of contractual workarounds that firms rushed to put in place after judges banned a so-called safe harbor agreement, said people familiar with the situation, who asked not to be named because the process is private.
If a deal isn’t reached on the safe harbor, the new probes would plunge companies into further legal limbo, lawyers said. The risk of data disruption has added impetus to EU and U.S. talks in Brussels aimed at clinching a new pact. Both sides said this week they are hopeful of reaching an agreement.
“It would create an impossible situation because businesses need data transfers to survive,” said Eduardo Ustaran, a lawyer specialized in privacy law at Hogan Lovells International LLP in London. “It will make companies question the viability of data transfers and cause worries that these transfers will become illegal.”
Back to Drawing Board
The two sides were forced back to the drawing board after the EU’s top judges said in October the safe harbor failed to offer safeguards to EU citizens when U.S.-based companies such as social media giant Facebook Inc. process personal data on customers, from billing information to the content of messages.
The safe harbor, drafted in the pre-9/11 days, was designed to facilitate trade by allowing U.S. companies with activities in Europe to shift information between their sites. It allowed companies to transfer data provided they adhered to a list of principles designed to ensure privacy isn’t breached.
“As we come up to those last couple of days, I would say we’re optimistic that a deal could be had,” said Justin Antonipillai, deputy general counsel at the U.S. Department of Commerce, as he left the talks to speak at an event in Brussels Friday morning. “We’ve done a lot” and “we’ve really tried to address the concerns raised by our colleagues.”
The panel of EU data protection authorities, called the Article 29 Working Party, initially turned a blind eye to alternatives to the safe harbor in the weeks after the October ruling.
But they set an end of January deadline for the political negotiators to come up with a deal, or face the consequences. Meanwhile, they vowed to do their own, independent analysis of how safe other transfer tools are, including standard contractual clauses used as an alternative to the safe harbor principles.
While the EU and U.S. negotiators race to find a deal, the Article 29 group is holding its own talks to decide on a response should efforts to reach an accord fail, the people said.
The French data privacy authority declined to comment on the wider probe, as did watchdogs from the Netherlands.
The European Commission, which is responsible for leading the EU negotiations with the U.S., declined to comment on the next steps if a deal isn’t forthcoming.
The Article 29 group is expected to agree on the position defended by a larger camp, including the privacy chiefs from France and the Netherlands, which would be to expand the October ruling also to other transfer tools, said the people. This scenario is worrying some EU governments, said one person.