Businesses face ongoing uncertainty over the transfer of European data to the US, after officials have again failed to reach agreement on the Safe Harbour 2.0 deal.
European officials sitting on the Article 31 committee, which contains representatives from member states and is chaired by a European Commission official, reportedly concluded they need more time to consider the agreement, otherwise known now as the Privacy Shield.
The development comes after European Data Protection Authorities (the so called “Article 29 Working Party” or WP29) – composed of watchdogs from influential member states – failed to give their blessing to the deal.
The WP29 said the proposed Privacy Shield was inadequate in a number of key areas, and that exceptions to allow the US to carry out mass surveillance of EU citizens were “not acceptable.”
And now after that watchdog rejection, the proposed deal has been hit with another setback after the Article 31 committee concluded that more time was needed to consider the implications of the proposal.
A commission source told Ars Technica UK that work “is going forward well” with the Article 31 group. “There was a very constructive meeting today, and I suspect there will be a few more in the course of May and early June,” the source added.
It is understood that the Article 31 group is seeking to incorporate a number of recommendations by the data protection authorities (WP29) into the proposed agreement.
The committee has to make a decision by June by voting. If it fails to reach a majority consensus, the group can either drop the proposed agreement, submit a revised draft, or appeal the outcome of the vote.
Of the three options, submitting a revised draft of the Privacy Shield seems the more likely option.
The proposed transatlantic Privacy Shield was finally agreed in early February to replace the previous Safe Harbour legislation. That original data sharing deal with the United States was ruled invalid by Europe’s top court on 6 October last year.
The proposed replacement is designed to help firms on both sides of the Atlantic to move the personal data of European citizens to the United States without breaking strict EU data transfer rules. The European Commission (EC) published the details of the deal in late February.
But Europeans are concerned about the independence of a new US privacy ombudsman, and are seeking more reassurance over US surveillance practices.
Unfortunately, this delay prolongs the climate of regulatory uncertainty for businesses and places unnecessary strain on the digital economy.
Businesses are concerned that the lack of an agreement could result in them potentially facing legal action over data transfers to the US.
What do you know about privacy? Try our quiz!