Europe and the US failed to reach agreement on a new Safe Harbour legal framework for data transfers.
That much was immediately clear as Vera Jourová, EU commissioner for justice, consumers and gender equality briefed a parliamentary committee in Strasbourg last night on the results – or lack of them – of efforts to find a replacement for the old agreement, thrown out by the European Court of Justice earlier this year in the Schrems decision.
No relief then for businesses that have been left in a growing state of anxiety and alarm.
Yesterday’s extended discussions between the parties were considered a last-ditch effort before data protection authorities in Europe could decide to take the nuclear option – halt data transfers completely.
Instead, Jourová talked about the key goals of the talks and the directions they were moving in to address European concerns about how the US will provide adequate safeguards against state surveillance or corporate mishandling of EU citizens’ data once transferred to the US.
Little was said that hadn’t already been floating around in the public domain or hadn’t been leaked to media. About the only new element was confirmation that negotiators were indeed proposing a US ombudsman to deal with individual complaints by EU citizens.
Deeply-rooted conflict
The talks are still hanging over a basic and deeply-rooted conflict between EU and US views on privacy and security.
In the EU, privacy is a fundamental right. Europe – as made clear by the ECJ decision – wants the US to guarantee that the data of EU citizens will have all the same protections in the US that are provided under this fundamental right in the EU.
But the US has a massive state security regime that – as revelations from Edward Snowden revealed – has accessed and surveilled data of both citizens and non-citizens alike in the US.
The ECJ’s Schrems ruling poses an enormous hurdle for negotiators. Any new Safe Harbour agreement needs to be robust enough to withstand expected legal challenges, likely to be fast-tracked to the same ECJ.
Many experts believe this can only be done if the US makes significant changes to its own security laws, though some have already been made in the wake of Snowden’s disclosures.
The failure of negotiators to come up with at least the basis of an agreement will have disappointed, and worried, many.
Prism programme
What happens next? No one knows. But the spectre of some halted data transfers later this week – likely involving high-profile internet and technology companies known to have been a part of NSA surveillance in its Prism programme – is real.
Jourová said more detail of the ongoing negotiations would be revealed this week. But essentially the Commission is trying again to buy time. We should know quickly whether the European Parliament and data protection authorities are willing to allow the negotiating train to ramble on.