Wednesday

17th Jan 2018

Security exemptions cloud EU-US data talks

  • Over 4,000 US firms relied on Safe Harbour to transfer EU data to the US (Photo: europarl.europa.eu)

US and EU negotiators are facing a long weekend to finalise a new Safe Harbour data-transfer agreement, with both sides voicing cautious optimism.

Outstanding issues on US national security access, in light of an October European Court of Justice (ECJ) ruling that scrapped the old pact, remain despite over two years of talks and an end-of-month deadline looming for a new one.

Thank you for reading EUobserver!

Subscribe now for a 30 day free trial.

  1. €150 per year
  2. or €15 per month
  3. Cancel anytime

EUobserver is an independent, not-for-profit news organization that publishes daily news reports, analysis, and investigations from Brussels and the EU member states. We are an indispensable news source for anyone who wants to know what is going on in the EU.

We are mainly funded by advertising and subscription revenues. As advertising revenues are falling fast, we depend on subscription revenues to support our journalism.

For group, corporate or student subscriptions, please contact us. See also our full Terms of Use.

If you already have an account click here to login.

Robert Litt, of the general counsel of the office of the US Department of National Intelligence (ODNI), who is spearheading the national security deadlock with his EU counterparts on the new Safe Harbour, told reporters on Friday (29 January) he had handed over all he could to ease European Commission doubt.

"The goal is to provide them the information they need to permit them to make a finding that we have privacy protections that are essentially equivalent to those in Europe, even if they are different from those in Europe", he said.

Litt, who describes US foreign signals intelligence activity as probably "more transparent than any other in the world", wouldn't go into detail on the security stumbling blocks.

But he noted an agreement could be reached on a new Safe Harbour before 2 February.

What went wrong?

Safe Harbour was a 15-year old data-sharing accord between the EU and the US. Over 4,000 US firms had signed up to the self-certification pact.

Enforced by the US Federal Trade Commission (FTC), the pact was riddled with loopholes and contained US national security exemptions that spooked EU regulators into demanding reforms. The revelations of former US National Security Agency (NSA) contractor Edward Snowden ignited the issue.

The Washington Post, a US daily, reported that one Snowden documents said the NSA is using the covert Prism programme to directly access big Silicon Valley companies like Apple, Google and Facebook. But all the big firms denied it.

Prism is under section 702 of the FISA Amendments Act of 2008, which grants US access to data of non-Americans, as reported by this website before the story broke in other media.

Austrian privacy advocate Max Schrems reacted to the scandal by taking Facebook to court in Ireland, its European headquarters. His case ended up in Luxembourg, where the EU court invalidated Safe Harbour.

’Has to be effective'

Fears are mounting the new pact, if concluded, may not withstand scrutiny if it goes up back to the EU judges.

Companies had relied on Safe Harbour to transfer the data of EU citizens to the US, but now want to distance themselves from it. It’s become so toxic that US federal trade commissioner Julie Brill, who leads the commercial talks on the US side, suggested a name change.

The lead Safe Harbour negotiator for the European Commission, Bruno Gencarelli, said that, whatever the outcome, the new deal has to meet the requirements of the EU court ruling.

"It has to be effective, it has to be about detection, it has to be about supervision of any infringement to be identified and punished in practice. That is very important", he said on Friday.

US amendments

Persistent concerns also remain on how to safeguard the fundamental right to privacy of EU citizens.

On Thursday, US lawmakers tried to soothe them with a judicial redress act. The act is supposed to grant EU citizens the right to file lawsuits in US courts on alleged data privacy violations. But the introduction of last minute amendments may undermine it.

"The Act doesn't fulfil the minimum requirements it is supposed to achieve," said Joe McNamee, the director of European Digital Rights, a Brussels-based NGO.

The European data protection supervisor (EDPS), Giovanni Buttarelli, said he is looking into the US act, and would issue a report in early February, as well as an assessment of a so-called Umbrella Agreement, which deals with data exchange between law enforcement agencies.

"We plan to adopt a specific opinion on the Umbrella Agreement, which will come by early February, so we see there are some connections between the two issues", he told EUobserver.

Legal limbo as EU-US data talks drag out

EU and US firms have lapsed into legal limbo on data transfer, as MEPs and top EU and US officials scramble to create a new Safe Harbour treaty amid privacy concerns.

EU and US agree data 'Privacy Shield'

A new transatlantic agreement replaces the Safe Harbour deal with what the Commission says are increased guarantees for the protection of Europeans' personal data.

Stakeholders' Highlights

  1. ILGA EuropeFreedom of Movement and Same-Sex Couples in Romania – Case Update!
  2. EU2017EEEstonia Completes First EU Presidency, Introduced New Topics to the Agenda
  3. Bio-Based IndustriesLeading the Transition Towards a Post-Petroleum Society
  4. ACCAWelcomes the Start of the New Bulgarian Presidency
  5. Mission of China to the EUPremier Li and President Tusk Stress Importance of Ties at ASEM Summit
  6. EU2017EEVAT on Electronic Commerce: New Rules Adopted
  7. European Jewish CongressChair of EU Parliament Working Group on Antisemitism Condemns Wave of Attacks
  8. Counter BalanceA New Study Challenges the Infrastructure Mega Corridors Agenda
  9. Dialogue PlatformThe Gülen Community: Who to Believe - Politicians or Actions?" by Thomas Michel
  10. Plastics Recyclers Europe65% Plastics Recycling Rate Attainable by 2025 New Study Shows
  11. European Heart NetworkCommissioner Andriukaitis' Address to EHN on the Occasion of Its 25th Anniversary
  12. ACCACFOs Risk Losing Relevance If They Do Not Embrace Technology

Latest News

  1. Post-Brexit trade roll-over not automatic, EU paper says
  2. Oettinger pushes plastic tax but colleagues express doubts
  3. MEPs target exports of cyber surveillance tech
  4. Kosovo killing halts EU talks in Brussels
  5. ECB withheld information on 'flawed' bank supervision
  6. Fewer MEPs than visitors turn up for Estonian PM
  7. EU names China and Russia as top hackers
  8. Ten Commandments to overcome the EU's many crises

Stakeholders' Highlights

  1. UNICEFMake the Digital World Safer for Children & Increase Access for the Most Disadvantaged
  2. European Jewish CongressWelcomes Recognition of Jerusalem as the Capital of Israel and Calls on EU States to Follow Suit
  3. Mission of China to the EUChina and EU Boost Innovation Cooperation Under Horizon 2020
  4. European Gaming & Betting AssociationJuncker’s "Political" Commission Leaves Gambling Reforms to the Court
  5. AJC Transatlantic InstituteAJC Applauds U.S. Recognition of Jerusalem as Israel’s Capital City
  6. EU2017EEEU Telecom Ministers Reached an Agreement on the 5G Roadmap
  7. European Friends of ArmeniaEU-Armenia Relations in the CEPA Era: What's Next?
  8. Mission of China to the EU16+1 Cooperation Injects New Vigour Into China-EU Ties
  9. EPSUEU Blacklist of Tax Havens Is a Sham
  10. EU2017EERole of Culture in Building Cohesive Societies in Europe
  11. ILGA EuropeCongratulations to Austria - Court Overturns Barriers to Equal Marriage
  12. Centre Maurits CoppietersCelebrating Diversity, Citizenship and the European Project With Fundació Josep Irla