EU and US Agree to Restart Transatlantic Data Flow

     (CN) – The United States and Europe agreed on new transatlantic data-sharing rules four months after the EU high court gutted the old pact amid concerns over the NSA spying scandal, the European Commission said Tuesday.
     This past October, the European Court of Justice ruled the previous “safe harbor” scheme in which businesses voluntarily promise to protect consumers’ personal data could not stand since the plan’s provisions do not bar U.S. law enforcement and government authorities from accessing user data – a point revealed in vivid detail by National Security Agency whistleblower Edward Snowden in 2013.
     Diplomats on both sides of the pond worked quickly to come up with a new data-sharing plan, since the EU high court’s decision effectively dammed up the flow of all data between the United States and the European Union.
     On Tuesday, the commission said it had come to an agreement on a new arrangement with U.S. authorities and ordered digital-market commissioner Andrus Ansip and justice commissioner Vera Jourova to take the steps necessary to put the new policy in place.
     The commission said the “EU-U.S. Privacy Shield” requires U.S. companies that wish to import personal data from the EU to commit to “robust obligations on how personal data is processed and individual rights are guaranteed.” The U.S. Department of Commerce will monitor compliance, which is enforceable under U.S. law by the Federal Trade Commission, the commission said in a statement.
     Additionally, the U.S. government has given the European Union “written assurances” for the first time ever that data access by law enforcement and national security agencies will be limited – with safeguards and oversight put into place.
     “The United States has ruled out indiscriminate mass surveillance on the personal data transferred to the U.S. under the new arrangement,” the commission said.
     For EU citizens who believe their data has been misused, the agreement requires U.S. companies to respond to complaints within a certain time frame. European data-protection authorities can also lodge complaints against businesses with the Federal Trade Commission, and an ombudsman will be appointed to handle allegations of access by national intelligence and law enforcement authorities, the commission said.
     “The new EU-U.S. Privacy Shield will protect the fundamental rights of Europeans when their personal data is transferred to U.S. companies,” Commissioner Jourova said. “For the first time ever, the United States has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms. Also for the first time, EU citizens will benefit from redress mechanisms in this area.”
     She added, “In the context of the negotiations for this agreement, the U.S. has assured that it does not conduct mass or indiscriminate surveillance of Europeans. We have established an annual joint review in order to closely monitor the implementation of these commitments.”
     Jourova and Ansip will next draft an adequacy decision for the full commission to approve, which will take the place of the decision invalidated by the EU high court. The EU’s data-protection watchdog will also weigh in on the adequacy of the scheme before the commission approves it.
     Meanwhile, the commission said U.S. authorities will begin implementing the agreement, including putting in monitoring mechanisms and selecting the ombudsman.

%d bloggers like this: