Deadline uncertain for new EU-US data pact
US and EU officials are rushing to finalise a new data transfer pact after the European Court of Justice invalidated the so-called Safe Harbour agreement in October.
But outstanding issues on national security exemptions risk putting a January deadline in jeopardy.
On Friday (11 December), a top US intelligence official refuted claims of mass surveillance on EU citizens, while insisting the Luxembourg-based court decision had no bearing on US privacy laws.
"The Court did not find that US law and practices in fact did not protect privacy rights," Robert Litt, a general counsel in the US office of the director of national intelligence, told an audience in Brussels.
"The United States intelligence community, quite frankly, is not interested in listening to the conversations of everybody in the world. We, A, we are not interested, B, we couldn't do it if we wanted to, and C, we have better things to do," he said.
Litt is on the US negotiating team to get a new Safe Harbour up and running after the Court found, among other things, that generalised access to the content of electronic communications violates "the essence of the fundamental right to respect for private life."
The ruling also gave national data protection authorities more accountability and noted the level of personal data protection outside the EU must be "essentially equivalent" to EU standards.
The Court case and ruling are seen as a major victory for civil liberties but have caused frustration among some 4,500 US companies previously signed up to the self-certification regime.
It's about jobs
The US Federal Trade Commission, which enforced the agreement, says 60 percent of those companies used the data for human resource information.
"That means that 60 percent of this data flow was about jobs, it was about jobs in the US, and much more importantly, it was about jobs here in Europe," FTC commissioner Julie Brill told reporters last week.
The 15-year-old data pact has since been scrapped, meaning companies now have to rely on more complex methods of transferring the data of EU citizens to be processed in the United States.
The European Commission first highlighted concerns over the agreement in 2013 following revelations by former US intelligence agent Edward Snowden on the indiscriminate bulk collection of personal data by the US National Security Agency.
The Brussels executive at the time issued the Americans 13 recommendations on how to improve the pact to ensure privacy is protected.
It wants US authorities to ensure national security exceptions in Safe Harbour are both "strictly necessary or proportionate" and that EU citizens can go to court in case of violations.
Judicial redress stuck in US Senate
The US, for its part, has since introduced a judicial redress act, but it has yet to pass Congress. The act is stuck in the Senate.
Talks between the two had been dragging out with no discernible end in sight, but the Court decision in October has since provided an extra impetus to get the recommendations sorted and a new pact signed.
"I believe Europe and the United States have all tools at hand to achieve this in three months," said European Commission vice-president Andrus Ansip in November.
A group of European data protection authorities also threatened a "coordinated enforcement action" should the US miss the end of January deadline.
But Ted Dean, a US department of commerce official, and also part of the US negotiating team, said the January deadline is meaningless.
"It is not our goal to be done at the end of January. It is our goal to be done as soon as we possibly can," he said.
His views were echoed by FTC commissioner Julie Brill who told this website that while she is hopeful the deadline is met, she can't promise it.
She noted her office had only received four complaints from European national DPAs over the 15-year lifespan of Safe Harbour.
The US won't disclose details on the referrals but noted that two had been resolved.
Asked about the four cases, Giovanni Buttarelli, the European data protection supervisor, told this website "Safe Harbour has been in dead waters for years".
"DPAs have never been fully satisfied about the kind of safeguards included in the agreement," he said.