EU Regulators Keen To Restrict US Data Transfers

European privacy regulators are reportedly hardening their stance over the transfer of personal data to the United States, because of US surveillance concerns.

The development comes as both sides rush to agree a new deal, dubbed “Safe Harbour 2.0” before a number of pressing deadlines.

Playing Hardball

The first deadline is the end of January, when European privacy regulators will begin to take legal action after the ruling by the European Union Court of Justice (CJEU) last October. That ruling stated that the existing Safe Harbour data-sharing agreement between the United States and Europe, which had been in existence for 15 years, was invalid and cannot be used.

The second deadline is on 2 February, when privacy regulators for the European Union will meet on in Brussels to thrash out a new data transfer agreement with the United States. That meeting will decide to what extent companies should be allowed to continue transferring Europeans’ data to the United States.

But as the two deadlines looms, there are signs that the European position is hardening.

European Union privacy regulators are leaning toward the restriction of personal data transfers to the United States because of the risk of US surveillance, Reuters quoted two sources familiar with the matter as saying.

It is understood that European regulators held a preparatory meeting this Wednesday (ahead of the February meeting) to discuss a range of possible outcomes. Talks centred around the “freezing” of all new authorisations for US data transfers on the basis of binding corporate rules within multinationals or standard contractual clauses between companies, the Reuters sources said.

As it currently stands, EU data protection law does not allow for European companies to transfer data to countries outside the EU that are deemed to have insufficient privacy safeguards. After the CJEU ruling in October, the United States is now classified as having insufficient privacy safeguards.

But companies can still transfer data if they establish complex legal structures such as binding corporate rules or standard contractual clauses. The old Safe Harbour agreement allowed companies to transfer data to the US, without having to create such complex legal arrangements.

The meeting in Brussels will make a final decision, but Reuters did report that not all European privacy regulators are in favour of the restriction of personal data transfers to the US.

And it seems that the ball is still very much in the America’s court, because if the European Commission, which is negotiating with Washington over Safe Harbour 2.0, presents the regulators with a better system, their position may change.

“That will change the whole game,” one of the sources told Reuters, “and could stop the data protection authorities from taking action.”

Tough Stance

The EU has not been afraid to play hardball over the matter.

Last month, the EU warned that if it fears the United States is not safeguarding privacy enough, it can suspend the new agreement.

The Commission has also effectively told the United States the ball is in their court regarding the future progress of the new Safe Harbour data agreement.

The suspension of the Safe Harbour agreement in October certainly caused a great deal of anxiety for many firms. Even more concerning is that firms could potentially face legal action over the matter.

The British data protection watchdog last year sought to reassure British businesses, and the EC has also published its own guidelines for firms, but it has effectively warned that the current Safe Harbour deal is dead and buried, and should not be used.

Following the NSA spying revelations. Where do you store your data?