Feeds

US to strengthen privacy rights for Euro bods' personal data transfers

Makes commitment under 'Safe Harbour' framework

Internet Security Threat Report 2014

The US will take steps before the summer to comprehensively strengthen the "Safe Harbour" framework that helps facilitate some transfers of personal data to the US from the EU.

The commitment to improve privacy protections (10-page/445KB PDF) was contained in a joint statement issued on behalf of senior officials from the EU and US, including president of the European Council Herman Van Rompuy, president of the European Commission Jose Manuel Barroso and US president Barack Obama.

It follows a threat from the European Parliament to veto any future trade agreement between the EU and US unless safeguards for EU citizens' privacy rights were improved by the US.

"We are committed to strengthening the Safe Harbour framework in a comprehensive manner by summer 2014, to ensure data protection and enable trade through increased transparency, effective enforcement and legal certainty when data is transferred for commercial purposes," the joint statement said.

The EU and US officials also said they would speed up talks on creating "a meaningful and comprehensive data protection umbrella agreement for data exchanges in the field of police and judicial cooperation in criminal matters, including terrorism", and that attempts would also be made to resolve other privacy issues, including around judicial redress.

EU data protection laws prevent companies from sending personal data outside of the European Economic Area (EEA) unless "adequate protections" have been put in place or in circumstances where the destination country has been pre-approved as having adequate data protection. Only a handful of countries, including Argentina, Canada and Switzerland, but not including the US, are deemed by the European Commission to provide adequate protection.

As a result, the European Commission and the US Department of Commerce negotiated a Safe Harbour framework to facilitate personal data transfers between organisations in the EU and US. More than 3,000 US businesses are currently signed up to the framework.

However, following reports in the media about alleged US surveillance practices as revealed by the whistleblower Edward Snowden, the Commission decided to carry out a review of the Safe Harbour framework. In November it published a report which cited "deficiencies in transparency and enforcement" in how the regime works.

The Commission made 13 recommendations that it said would address its concerns and the EU's Justice Commissioner Viviane Reding subsequently called on the US to take "legislative action before the summer" to address the privacy concerns the Commission raised. Reding threatened to suspend the Safe Harbour agreement if the US failed to do so.

However, the European Parliament has called for stronger action, including the "immediate suspension" of the Safe Harbour framework, in light of the Snowden leaks. The Parliament also said it would withdraw support for the Transatlantic Trade and Investment Partnership (TTIP). The TTIP is a potential new trade agreement between the EU and US which is currently the subject of negotiation.

The Snowden revelations have also raised the prospect of a new Europe-only communications network. Last month German chancellor Angela Merkel confirmed that she intended to discuss the potential for such a network to be created with French president François Hollande.

Last year German IT trade body the Bundesverband IT-Mittelstand called on Europe to look into forming an IT equivalent to Airbus SAS to protect privacy and rival the IT infrastructure offered by US companies such as Google and Microsoft. Airbus SAS is a European-based airplane manufacturer formed by a group of European aviation companies to challenge the dominance of US companies such as Boeing in the production of airliners.

However, Munich-based technology law specialist Christian Knorst of Pinsent Masons, the law firm behind Out-Law.com, said that an "IT Airbus" in Europe could cause competition issues and that the best way to challenge more established US rivals in the market was to improve funding for small businesses to help them compete on privacy.

In their joint statement the EU and US officials also called for other nations to sign up to an expanded Information Technology Agreement (ITA), which is overseen by the World Trade Organisation. The ITA requires signatory countries to remove all duties and tariffs on the IT products listed under the agreement.

Copyright © 2014, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Internet Security Threat Report 2014

More from The Register

next story
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
You think the CLOUD's insecure? It's BETTER than UK.GOV's DATA CENTRES
We don't even know where some of them ARE – Maude
DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS
Trio of XSS turns attackers into admins
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.