The U.S. and the EU have reportedly come to an agreement in principle on a new data-sharing framework, after a decision earlier this month by Europe’s highest court to invalidate a 15-year-old trans-Atlantic pact. Safe Harbor was used by thousands of U.S. companies for legal transfers of data between the U.S. and Europe, where privacy laws are stricter.
The ruling came about because of a lawsuit brought by an Austrian privacy activist, Max Schrems, against Facebook. He said his data wasn’t being adequately protected by the social network because the U.S. government likely had access to it in light of mass spying revelations based on the Edward Snowden leaks.
The new Safe Harbor framework is getting close, but EU Justice Commissioner Vera Jourovasaid Monday that the commission is still working with the U.S. “to ensure that there are sufficient limitations and safeguards in place to prevent access or use of personal data on a ‘generalised basis’ and to ensure that there is sufficient judicial control over such activities.” Jourova and U.S. Secretary of Commerce Penny Pritzker have been talking about the issue for the past couple of years, since the revelations of mass NSA spying.
As I wrote, Pritzker said after the Oct. 6 ruling that the invalidation of Safe Harbor brought “uncertainty” to U.S. and EU businesses and consumers. She said it was important to produce a new data-sharing framework as soon as possible. Although Facebook pointed out that it has other mechanisms it can use for data transfers — unlike smaller companies that are likely to be more affected by the ruling — the social network also said it was “imperative” that the two sides “ensure that they continue to provide reliable methods for lawful data transfer.”
The old framework relied on companies to self-certify that they were adequately protecting Europeans’ data. Among other things, the new framework would install more oversight, according to Jourova.