BRUSSELS—The U.S. and the European Union missed another deadline Tuesday to secure a deal on a new data-transfer framework for companies, raising legal risks for thousands of companies that move information across the Atlantic.

The accord is supposed to replace a previous scheme, known as Safe Harbor, which was scrapped in October by the EU's highest court over allegations that personal information about Europeans—from Web-browsing habits to salary details—was unprotected when moved to the U.S., where national intelligence services can access it.

The EU and the U.S. had hoped to have a deal ready in time for Tuesday, when privacy regulators of the 28 European member states gather in Brussels. The regulators had given Washington and Brussels until the end of January to present a new accord before they would start to enforce the court ruling against companies that still rely on the old one. But too many issues remained outstanding.

"Negotiations are still ongoing, including at the political level," EU Justice Commissioner Vera Jourova told the European Parliament's civil liberties committee late Monday. She said she would present further details Tuesday to the rest of the European Commission—the bloc's executive arm.

The missed deadline has pushed many companies into a difficult position. Publicly, trade groups express confidence that a deal will come soon, and that companies have sufficient legal justification for the transfer of personal data to the U.S. to stay out of hot water. Privately, however, executives say they are very worried regulators will open cases against companies, and that any new data-transfer deal will end up back in court anyway—exposing them to more risk.

Some firms are considering whether they can temporarily suspend their transfers of personal data to the U.S., or risk continuing the transfers even though they could face legal action from EU privacy regulators, executives and lawyers say.

"Whatever agreement is eventually reached, it's going to be challenged," said Eduardo Ustaran, a privacy lawyer at Hogan Lovells who works with U.S. tech firms. "Companies face some difficult decisions."

Some regulators say they are ready to act in the absence of a deal. "I can not imagine that we will stop law-enforcement procedures with no more than the vague hope for a new Safe Harbor 2.0 decision," said Johannes Caspar, head of the privacy regulator for Hamburg, Germany, where companies including Facebook Inc. and Alphabet Inc.'s Google have offices.

The legal mechanisms that companies are using to transfer data without Safe Harbor are under threat too. These include standardized contracts or so-called binding corporate rules, codes adopted by a multinational corporate group that allow it to freely transfer data within the entity.

EU privacy regulators are analyzing those methods to determine if they are still usable, given the concerns highlighted in the court's ruling. They will present their assessment Wednesday. Some privacy activists and corporate lawyers say it is unlikely that the regulators will bless the other data-transfer methods without the same legally binding assurances from the U.S. on data-collection by national security services that the EU is seeking for a new Safe Harbor framework.

"We'll see what they come up with—it could change our assessment [on the alternative data-transfer methods] or it might not," Isabelle Vereecken, legal adviser at the Belgian Data Protection Authority, said Friday.

That uncertainty worries companies. "If tomorrow the other mechanisms are no longer valid, we will have a huge problem," said Thomas Boué, policy director in Europe, Middle East and Africa of BSA The Software Alliance, which represents Apple Inc. and Microsoft Corp. While he says he is "very hopeful" a deal will be done, he added: "We could be facing a pretty dire situation if there is no clarity."

Negotiators for the U.S. and EU have been working to clinch a deal that proves U.S. national security services don't indiscriminately amass Europeans' data. The EU has been pushing for more clarity about the circumstances when those intelligence services tap into Europeans' information, but the U.S. has resisted full transparency, claiming it could compromise how its intelligence agencies work.

Ms. Jourova said Monday the EU was obtaining specific written assurances from the U.S., signed at the highest political level, ensuring that access by public authorities to personal data transferred from Europe would be limited to what is necessary and appropriate.

She also said it was crucial that the safeguards for individuals from mass surveillance also apply to non-U.S. citizens.

Some lawmakers expressed concern about the new plan, including that the legally binding letters wouldn't go far enough to ensure the protection of Europeans' privacy.

"I am deeply concerned about the value of the proposals in reality," said Claude Moraes, chairman of the European Parliament's civil liberties committee.

Ms. Jourova also outlined plans to install an ombudsman in the U.S. State Department to respond to concerns by Europeans that their information might have been used unlawfully by U.S. national-security bodies.

She said the person would have to have the authority to ask intelligence services for the information.

Ms. Jourova also stressed that the EU would continue to monitor developments under the new arrangement once it is completed and that they could suspend the accord if the commitments aren't fulfilled.

"We need trust, but we have a duty to check," she said.

Write to Natalia Drozdiak at natalia.drozdiak@wsj.com and Sam Schechner at sam.schechner@wsj.com

 

(END) Dow Jones Newswires

February 02, 2016 10:35 ET (15:35 GMT)

Copyright (c) 2016 Dow Jones & Company, Inc.