After months of debate, European and U.S. negotiators agreed on a data transfer pact to stop European regulators from imposing restrictions on the transatlantic transfer of data. The European courts had struck down the previous Safe Harbor framework following information leaks in 2013 that exposed intrusive U.S. surveillance practices. Since that time, the European Union and the United States have been struggling to replace the previous framework, which was outlawed following disclosures made by Edward Snowden, the former National Security Agency agent, concerning worldwide privacy breaches made by American intelligence services. The new Privacy Shield, a commercial data transfer agreement, is expected to facilitate more than $250 billion in transatlantic trade in digital services.
Why is the new accord important?
The new agreement will involve many companies – both large and small – that share credit card, financial transactions, human resources and/or travel information through cross-border data transfers. Free flow of data between Europe and the United States is crucial to international trade and finance. Digital data transfers are integral to the operations of the 4,000 or so businesses registered with the Department of Commerce – businesses that rely on being able to move information quickly between regions. Major U.S. companies are affected, including credit card companies like MasterCard, major internet companies like Google and Amazon, and social media giants like Facebook. They all had been left in legal limbo after the collapse of the Safe Harbor agreement. Key among the points of agreement are measures to safeguard the privacy of Europeans – not their counterparts in the United States. The Privacy Shield accord places stronger obligations on U.S. companies to protect Europeans’ personal data, and the U.S. government has agreed to safeguards and limitations affecting U.S. surveillance activities.
What are the main points?
The guarantees in the pact protect the privacy of people living in Europe – these assurances do not apply to people living in the United States whose data is transferred across the Atlantic. Privacy laws are tougher in Europe, where privacy is regarded as a fundamental right and expectations of privacy protection exceed those in the United States.
The accord gives Europeans the right to go to U.S. courts to seek redress if they believe their privacy has been breached by companies or by the U.S. government. It also reassures Europeans that U.S. government agencies will not gather and monitor Europeans’ data without cause. A new ombudsman position has been created in the State Department to handle any European complaints involving unauthorized collection of digital data from European citizens by U.S. government departments, including intelligence agencies.
Although the new pact goes further than the original Safe Harbor agreement, mistrust still remains and legal challenges could be on the horizon. Austria and Slovenia are concerned that the new Privacy Shield still fails to provide adequate privacy for their citizens. They abstained from voting to accept the new agreement, along with Bulgaria and Croatia. European privacy campaigners are also lobbying for more safeguards. On the other hand, its supporters – especially those in the United States – believe that the Privacy Shield agreement outlines clear and strong privacy obligations and that its enforcement clauses and rules will provide sufficient protection.