EU wants to give national privacy regulators more clout in new US data pact
BRUSSELS – The European Union wants to enhance the power of the bloc’s national privacy regulators in policing a planned new EU-US data pact after the previous one was struck down by a top EU court on concerns about mass US surveillance.
Brussels and Washington are locked in negotiations to forge a new framework enabling data transfers from Europe to the United States, which are otherwise subject to cumbersome and lengthy legal processes under EU data protection law.
The previous pact, known as Safe Harbour and used by over 4,000 US and European companies, was declared invalid by the European Court of Justice in October because US national security needs trumped the privacy of Europeans’ data.
To address the court’s concerns, particularly that Europeans do not have legal channels to challenge misuse of their data, the Commission is looking for ways to involve European privacy watchdogs more deeply, according to three people familiar with the matter.
The US Federal Trade Commission (FTC) was responsible for monitoring companies’ compliance with the Safe Harbour privacy principles, although it does not deal with complaints from individuals.
A bigger role for European watchdogs would allow citizens to complain directly to their national authorities, the sources said.
A similar mechanism existed in the old Safe Harbour framework for human resources data which are often sensitive.
US companies handling Europeans’ human resources data had to commit to cooperating with European data protection authorities in case of complaint.
“That’s one issue to play around with,” said one of the people on condition of anonymity.
However, there is no agreement yet and differences remain over how the European regulators would cooperate with the FTC to avoid giving the EU extraterritorial powers.
The European Commission and the US Mission to the EU declined comment.
The Safe Harbour system allowed companies to self-certify that they complied with EU privacy law when transferring EU citizens’ personal data to countries deemed to have insufficient safeguards, which include the United States.
Both US and EU companies shuffle personal data across the Atlantic on a daily basis, whether employee data for multinationals or user data collected by internet companies for use in the billion-dollar online advertising market.
But the system came under strain in 2013 after former US National Security Agency contractor Edward Snow den leaked details of US government spying programs.
Brussels has committed to wrapping up the talks by the end of January but is looking for further guarantees from Washington that US authorities will not access Europeans’ data on a wholesale basis, something that has drawn out the negotiations. -Reuters