CloudCloud ManagementData StorageDataBaseRegulationSecuritySecurity ManagementSurveillance-IT

EC Tells US To Sort Out Safe Harbour Deal

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Google + Linkedin Subscribe to our newsletter Write a comment

‘Over to you’, as European Commission tells the US to sort out the Safe Harbour data sharing agreement

The European Commission (EC) has effectively told the United States the ball is in their court regarding the future progress of the Safe Harbour data agreement.

It comes after the Commission issued its own Safe Harbour guidelines and demanded the “swift establishment of a new framework” from the United States.

“We need an agreement with our US partners in the next three months,” said Andrus Ansip, the man in charge of the Digital Single Market, in a clear indication that the onus is now on United States officials.

“The Commission has been asked to take swift action: this is what we are doing,” he said. “Today we provide clear guidelines and we commit to a clear timeframe to conclude current negotiations.”

EC Guidelines

US Europe America EU - Shutterstock: © argusAnd the EC made clear that the United States has to incorporate the Court’s decision into any Safe Habour 2.0 agreement.

“Citizens need robust safeguards to ensure their fundamental rights are protected. And businesses need clarity during this transition period,” said Commissioner Vera Jourová.

“Our aim today is to explain under which conditions businesses can lawfully transfer data in this interim period,” Jourová. “I have stepped up talks with the US towards a renewed and sound framework for transatlantic data flows and will continue these discussions in Washington next week. Any new arrangement has to meet the requirements of the Court ruling.”

The EC guidelines comes after last month’s ruling from the European Union Court of Justice (CJEU) that the current Safe Harbour data-sharing agreement between the United States and Europe, that has been in existence for 15 years, was invalid.

That decision alarmed thousands of businesses including Google and Facebook as they transfer data between the US and Europe. Even more alarming for them is these firms potentially face legal action beginning at the end of January 2016 over the matter.

The British data protection watchdog (the ICO) has sought reassure British firms in the interim, and now the EC has published its own guidelines for firms, but it has effectively warned that the current Safe Harbour deal is dead and buried, and should not be used.

“Following the Court ruling the Commission has stepped up negotiations with the US on a renewed and safe framework on transfer of personal data,” said the EC. “The objective of the Commission is to conclude these discussions within three months.”

“In the meantime, companies need to comply with the ruling and rely on alternative transfer tools where available,” it said.

American Responsibility

“We need an agreement with our US partners in the next three months,” said Andrus Ansip, the man in charge of the Digital Single Market, in a clear indication that the onus is now on United States officials.

“The Commission has been asked to take swift action: this is what we are doing,” he said. “Today we provide clear guidelines and we commit to a clear timeframe to conclude current negotiations.”

And the EC made clear that the United States has to incorporate the Court’s decision into any Safe Habour 2.0 agreement.

“Citizens need robust safeguards to ensure their fundamental rights are protected. And businesses need clarity during this transition period,” said Commissioner Vera Jourová.

“Our aim today is to explain under which conditions businesses can lawfully transfer data in this interim period,” Jourová. “I have stepped up talks with the US towards a renewed and sound framework for transatlantic data flows and will continue these discussions in Washington next week. Any new arrangement has to meet the requirements of the Court ruling.”

Not Legal

The Commission also warned that that the current Safe Harbour arrangement can no longer serve as a legal basis for transfers of personal data to the US in light of the ability of the US intelligence services to gain access to transferred personal data, as revealed by the NSA whistleblower Edward Snowden.

The current Safe Harbour arrangement has been in place since 2000, and effectively allows American companies to certify that they followed EU privacy rules.

But last month’s court ruling means that major US companies such as Google, Facebook and Amazon, will need to rework their data-sharing practices in order to maintain compliance with the law.

And European data regulators have also confirmed that those transfers can no longer legally be carried out under the current Safe Harbour rules.

The EU and the US have been in negotiations for the past two years over a new agreement to replace Safe Harbour that would better protect data transferred to the US.

In May it was revealed those negotiations were very close to completion. Those talks now have fresh urgency.

Following the NSA spying revelations. Where do you store your data?