BRUSSELS—The U.S. and the European Union missed another deadline
Tuesday to secure a deal on a new data-transfer framework for
companies, raising legal risks for thousands of companies that move
information across the Atlantic.
The accord is supposed to replace a previous scheme, known as
Safe Harbor, which was scrapped in October by the EU's highest
court over allegations that personal information about
Europeans—from Web-browsing habits to salary details—was
unprotected when moved to the U.S., where national intelligence
services can access it.
The EU and the U.S. had hoped to have a deal ready in time for
Tuesday, when privacy regulators of the 28 European member states
gather in Brussels. The regulators had given Washington and
Brussels until the end of January to present a new accord before
they would start to enforce the court ruling against companies that
still rely on the old one. But too many issues remained
outstanding.
"Negotiations are still ongoing, including at the political
level," EU Justice Commissioner Vera Jourova told the European
Parliament's civil liberties committee late Monday. She said she
would present further details Tuesday to rest of the European
Commission—the bloc's executive arm.
The missed deadline has pushed many companies into a difficult
position. Publicly, trade groups express confidence that a deal
will come soon, and that companies have sufficient legal
justification for the transfer of personal data to the U.S. to stay
out of hot water. Privately, however, executives say they are very
worried regulators will open cases against companies, and that any
new data-transfer deal will end up back in court anyway—exposing
them to more risk.
Some firms are considering whether they can temporarily suspend
their transfers of personal data to the U.S., or risk continuing
the transfers even though they could face legal action from EU
privacy regulators, executives and lawyers say.
"Whatever agreement is eventually reached, it's going to be
challenged," said Eduardo Ustaran, a privacy lawyer at Hogan
Lovells who works with U.S. tech firms. "Companies face some
difficult decisions."
Some regulators say they are ready to act in the absence of a
deal. "I can not imagine that we will stop law-enforcement
procedures with no more than the vague hope for a new Safe Harbor
2.0 decision," said Johannes Caspar, head of the privacy regulator
for Hamburg, Germany, where companies including Facebook Inc. and
Alphabet Inc.'s Google have offices.
The legal mechanisms that companies are using to transfer data
without Safe Harbor are under threat too. These include
standardized contracts or so-called binding corporate rules, which
is a code adopted by a multinational corporate group allowing them
to freely transfer data within the entity.
EU privacy regulators are analyzing those methods to determine
if they are still usable, given the concerns highlighted in the
court's ruling. They will present their assessment Wednesday. Some
privacy activists and corporate lawyers say it is unlikely that the
regulators will bless the other data-transfer methods without the
same legally binding assurances from the U.S. on data-collection by
national security services that the EU is seeking for a new Safe
Harbor framework.
"We'll see what they come up with—it could change our assessment
[on the alternative data-transfer methods] or it might not,"
Isabelle Vereecken, legal adviser at the Belgian Data Protection
Authority, said Friday.
That uncertainty worries companies. "If tomorrow the other
mechanisms are no longer valid, we will have a huge problem," said
Thomas Boué , policy director in Europe, Middle East and Africa of
BSA The Software Alliance, which represents Apple Inc. and
Microsoft Corp. While he says he is "very hopeful" a deal will be
done, he added: "We could be facing a pretty dire situation if
there is no clarity."
Negotiators for the U.S. and EU have been working to clinch a
deal that proves U.S. national security services don't
indiscriminately amass Europeans' data. The EU has been pushing for
more clarity about the circumstances when those intelligence
services tap into Europeans' information, but the U.S. has resisted
full transparency, claiming it could compromise how its
intelligence agencies work.
Ms. Jourova said Monday the EU was obtaining specific written
assurances from the U.S., signed at the highest political level,
ensuring that access by public authorities to personal data
transferred from Europe would be limited to what is necessary and
appropriate.
She also said it was crucial that the safeguards for individuals
from mass surveillance also apply to non-U.S. citizens.
Some lawmakers expressed concern about the new plan, including
that the legally-binding letters wouldn't go far enough to ensure
the protection of Europeans' privacy.
"I am deeply concerned about the value of the proposals in
reality," said Claude Moraes, chairman of the European Parliament's
civil liberties committee.
Ms. Jourova also outlined plans to install an ombudsman in the
U.S. State Department to respond to concerns by Europeans that
their information might have been used unlawfully by U.S.
national-security bodies.
She said the person would have to have the authority to ask
intelligence services for the information.
Ms. Jourova also stressed that the EU would continue to monitor
developments under the new arrangement once it is completed and
that they could suspend the accord if the commitments aren't
fulfilled.
"We need trust, but we have a duty to check," she said.
Write to Natalia Drozdiak at natalia.drozdiak@wsj.com and Sam
Schechner at sam.schechner@wsj.com
(END) Dow Jones Newswires
February 02, 2016 10:35 ET (15:35 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.
Apple (NASDAQ:AAPL)
Historical Stock Chart
From Apr 2024 to May 2024
Apple (NASDAQ:AAPL)
Historical Stock Chart
From May 2023 to May 2024