Feeds

US to strengthen privacy rights for Euro bods' personal data transfers

Makes commitment under 'Safe Harbour' framework

7 Elements of Radically Simple OS Migration

The US will take steps before the summer to comprehensively strengthen the "Safe Harbour" framework that helps facilitate some transfers of personal data to the US from the EU.

The commitment to improve privacy protections (10-page/445KB PDF) was contained in a joint statement issued on behalf of senior officials from the EU and US, including president of the European Council Herman Van Rompuy, president of the European Commission Jose Manuel Barroso and US president Barack Obama.

It follows a threat from the European Parliament to veto any future trade agreement between the EU and US unless safeguards for EU citizens' privacy rights were improved by the US.

"We are committed to strengthening the Safe Harbour framework in a comprehensive manner by summer 2014, to ensure data protection and enable trade through increased transparency, effective enforcement and legal certainty when data is transferred for commercial purposes," the joint statement said.

The EU and US officials also said they would speed up talks on creating "a meaningful and comprehensive data protection umbrella agreement for data exchanges in the field of police and judicial cooperation in criminal matters, including terrorism", and that attempts would also be made to resolve other privacy issues, including around judicial redress.

EU data protection laws prevent companies from sending personal data outside of the European Economic Area (EEA) unless "adequate protections" have been put in place or in circumstances where the destination country has been pre-approved as having adequate data protection. Only a handful of countries, including Argentina, Canada and Switzerland, but not including the US, are deemed by the European Commission to provide adequate protection.

As a result, the European Commission and the US Department of Commerce negotiated a Safe Harbour framework to facilitate personal data transfers between organisations in the EU and US. More than 3,000 US businesses are currently signed up to the framework.

However, following reports in the media about alleged US surveillance practices as revealed by the whistleblower Edward Snowden, the Commission decided to carry out a review of the Safe Harbour framework. In November it published a report which cited "deficiencies in transparency and enforcement" in how the regime works.

The Commission made 13 recommendations that it said would address its concerns and the EU's Justice Commissioner Viviane Reding subsequently called on the US to take "legislative action before the summer" to address the privacy concerns the Commission raised. Reding threatened to suspend the Safe Harbour agreement if the US failed to do so.

However, the European Parliament has called for stronger action, including the "immediate suspension" of the Safe Harbour framework, in light of the Snowden leaks. The Parliament also said it would withdraw support for the Transatlantic Trade and Investment Partnership (TTIP). The TTIP is a potential new trade agreement between the EU and US which is currently the subject of negotiation.

The Snowden revelations have also raised the prospect of a new Europe-only communications network. Last month German chancellor Angela Merkel confirmed that she intended to discuss the potential for such a network to be created with French president François Hollande.

Last year German IT trade body the Bundesverband IT-Mittelstand called on Europe to look into forming an IT equivalent to Airbus SAS to protect privacy and rival the IT infrastructure offered by US companies such as Google and Microsoft. Airbus SAS is a European-based airplane manufacturer formed by a group of European aviation companies to challenge the dominance of US companies such as Boeing in the production of airliners.

However, Munich-based technology law specialist Christian Knorst of Pinsent Masons, the law firm behind Out-Law.com, said that an "IT Airbus" in Europe could cause competition issues and that the best way to challenge more established US rivals in the market was to improve funding for small businesses to help them compete on privacy.

In their joint statement the EU and US officials also called for other nations to sign up to an expanded Information Technology Agreement (ITA), which is overseen by the World Trade Organisation. The ITA requires signatory countries to remove all duties and tariffs on the IT products listed under the agreement.

Copyright © 2014, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Best practices for enterprise data

More from The Register

next story
Microsoft's Euro cloud darkens: US FEDS can dig into foreign servers
They're not emails, they're business records, says court
Sysadmin Day 2014: Quick, there's still time to get the beers in
He walked over the broken glass, killed the thugs... and er... reconnected the cables*
VMware builds product executables on 50 Mac Minis
And goes to the Genius Bar for support
Multipath TCP speeds up the internet so much that security breaks
Black Hat research says proposed protocol will bork network probes, flummox firewalls
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Microsoft says 'weird things' can happen during Windows Server 2003 migrations
Fix coming for bug that makes Kerberos croak when you run two domain controllers
Cisco says network virtualisation won't pay off everywhere
Another sign of strain in the Borg/VMware relationship?
prev story

Whitepapers

7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?