Feeds

US to strengthen privacy rights for Euro bods' personal data transfers

Makes commitment under 'Safe Harbour' framework

Top 5 reasons to deploy VMware with Tegile

The US will take steps before the summer to comprehensively strengthen the "Safe Harbour" framework that helps facilitate some transfers of personal data to the US from the EU.

The commitment to improve privacy protections (10-page/445KB PDF) was contained in a joint statement issued on behalf of senior officials from the EU and US, including president of the European Council Herman Van Rompuy, president of the European Commission Jose Manuel Barroso and US president Barack Obama.

It follows a threat from the European Parliament to veto any future trade agreement between the EU and US unless safeguards for EU citizens' privacy rights were improved by the US.

"We are committed to strengthening the Safe Harbour framework in a comprehensive manner by summer 2014, to ensure data protection and enable trade through increased transparency, effective enforcement and legal certainty when data is transferred for commercial purposes," the joint statement said.

The EU and US officials also said they would speed up talks on creating "a meaningful and comprehensive data protection umbrella agreement for data exchanges in the field of police and judicial cooperation in criminal matters, including terrorism", and that attempts would also be made to resolve other privacy issues, including around judicial redress.

EU data protection laws prevent companies from sending personal data outside of the European Economic Area (EEA) unless "adequate protections" have been put in place or in circumstances where the destination country has been pre-approved as having adequate data protection. Only a handful of countries, including Argentina, Canada and Switzerland, but not including the US, are deemed by the European Commission to provide adequate protection.

As a result, the European Commission and the US Department of Commerce negotiated a Safe Harbour framework to facilitate personal data transfers between organisations in the EU and US. More than 3,000 US businesses are currently signed up to the framework.

However, following reports in the media about alleged US surveillance practices as revealed by the whistleblower Edward Snowden, the Commission decided to carry out a review of the Safe Harbour framework. In November it published a report which cited "deficiencies in transparency and enforcement" in how the regime works.

The Commission made 13 recommendations that it said would address its concerns and the EU's Justice Commissioner Viviane Reding subsequently called on the US to take "legislative action before the summer" to address the privacy concerns the Commission raised. Reding threatened to suspend the Safe Harbour agreement if the US failed to do so.

However, the European Parliament has called for stronger action, including the "immediate suspension" of the Safe Harbour framework, in light of the Snowden leaks. The Parliament also said it would withdraw support for the Transatlantic Trade and Investment Partnership (TTIP). The TTIP is a potential new trade agreement between the EU and US which is currently the subject of negotiation.

The Snowden revelations have also raised the prospect of a new Europe-only communications network. Last month German chancellor Angela Merkel confirmed that she intended to discuss the potential for such a network to be created with French president François Hollande.

Last year German IT trade body the Bundesverband IT-Mittelstand called on Europe to look into forming an IT equivalent to Airbus SAS to protect privacy and rival the IT infrastructure offered by US companies such as Google and Microsoft. Airbus SAS is a European-based airplane manufacturer formed by a group of European aviation companies to challenge the dominance of US companies such as Boeing in the production of airliners.

However, Munich-based technology law specialist Christian Knorst of Pinsent Masons, the law firm behind Out-Law.com, said that an "IT Airbus" in Europe could cause competition issues and that the best way to challenge more established US rivals in the market was to improve funding for small businesses to help them compete on privacy.

In their joint statement the EU and US officials also called for other nations to sign up to an expanded Information Technology Agreement (ITA), which is overseen by the World Trade Organisation. The ITA requires signatory countries to remove all duties and tariffs on the IT products listed under the agreement.

Copyright © 2014, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Beginner's guide to SSL certificates

More from The Register

next story
It's Big, it's Blue... it's simply FABLESS! IBM's chip-free future
Or why the reversal of globalisation ain't gonna 'appen
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Microsoft and Dell’s cloud in a box: Instant Azure for the data centre
A less painful way to run Microsoft’s private cloud
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
CAGE MATCH: Microsoft, Dell open co-located bit barns in Oz
Whole new species of XaaS spawning in the antipodes
AWS pulls desktop-as-a-service from the PC
Support for PCoIP protocol means zero clients can run cloudy desktops
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.