Feeds

US to strengthen privacy rights for Euro bods' personal data transfers

Makes commitment under 'Safe Harbour' framework

Next gen security for virtualised datacentres

The US will take steps before the summer to comprehensively strengthen the "Safe Harbour" framework that helps facilitate some transfers of personal data to the US from the EU.

The commitment to improve privacy protections (10-page/445KB PDF) was contained in a joint statement issued on behalf of senior officials from the EU and US, including president of the European Council Herman Van Rompuy, president of the European Commission Jose Manuel Barroso and US president Barack Obama.

It follows a threat from the European Parliament to veto any future trade agreement between the EU and US unless safeguards for EU citizens' privacy rights were improved by the US.

"We are committed to strengthening the Safe Harbour framework in a comprehensive manner by summer 2014, to ensure data protection and enable trade through increased transparency, effective enforcement and legal certainty when data is transferred for commercial purposes," the joint statement said.

The EU and US officials also said they would speed up talks on creating "a meaningful and comprehensive data protection umbrella agreement for data exchanges in the field of police and judicial cooperation in criminal matters, including terrorism", and that attempts would also be made to resolve other privacy issues, including around judicial redress.

EU data protection laws prevent companies from sending personal data outside of the European Economic Area (EEA) unless "adequate protections" have been put in place or in circumstances where the destination country has been pre-approved as having adequate data protection. Only a handful of countries, including Argentina, Canada and Switzerland, but not including the US, are deemed by the European Commission to provide adequate protection.

As a result, the European Commission and the US Department of Commerce negotiated a Safe Harbour framework to facilitate personal data transfers between organisations in the EU and US. More than 3,000 US businesses are currently signed up to the framework.

However, following reports in the media about alleged US surveillance practices as revealed by the whistleblower Edward Snowden, the Commission decided to carry out a review of the Safe Harbour framework. In November it published a report which cited "deficiencies in transparency and enforcement" in how the regime works.

The Commission made 13 recommendations that it said would address its concerns and the EU's Justice Commissioner Viviane Reding subsequently called on the US to take "legislative action before the summer" to address the privacy concerns the Commission raised. Reding threatened to suspend the Safe Harbour agreement if the US failed to do so.

However, the European Parliament has called for stronger action, including the "immediate suspension" of the Safe Harbour framework, in light of the Snowden leaks. The Parliament also said it would withdraw support for the Transatlantic Trade and Investment Partnership (TTIP). The TTIP is a potential new trade agreement between the EU and US which is currently the subject of negotiation.

The Snowden revelations have also raised the prospect of a new Europe-only communications network. Last month German chancellor Angela Merkel confirmed that she intended to discuss the potential for such a network to be created with French president François Hollande.

Last year German IT trade body the Bundesverband IT-Mittelstand called on Europe to look into forming an IT equivalent to Airbus SAS to protect privacy and rival the IT infrastructure offered by US companies such as Google and Microsoft. Airbus SAS is a European-based airplane manufacturer formed by a group of European aviation companies to challenge the dominance of US companies such as Boeing in the production of airliners.

However, Munich-based technology law specialist Christian Knorst of Pinsent Masons, the law firm behind Out-Law.com, said that an "IT Airbus" in Europe could cause competition issues and that the best way to challenge more established US rivals in the market was to improve funding for small businesses to help them compete on privacy.

In their joint statement the EU and US officials also called for other nations to sign up to an expanded Information Technology Agreement (ITA), which is overseen by the World Trade Organisation. The ITA requires signatory countries to remove all duties and tariffs on the IT products listed under the agreement.

Copyright © 2014, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Secure remote control for conventional and virtual desktops

More from The Register

next story
HP busts out new ProLiant Gen9 servers
Think those are cool? Wait till you get a load of our racks
Like condoms, data now comes in big and HUGE sizes
Linux Foundation lights a fire under storage devs with new conference
Community chest: Storage firms need to pay open-source debts
Samba implementation? Time to get some devs on the job
Silicon Valley jolted by magnitude 6.1 quake – its biggest in 25 years
Did the earth move for you at VMworld – oh, OK. It just did. A lot
Forrester says it's time to give up on physical storage arrays
The physical/virtual storage tipping point may just have arrived
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?