Discussions will take place on the margins of Davos this week between US and EU officials on a deal to replace the Safe Harbour agreement, which for 15 years has been used to legally transfer citizens’ personal data from the EU to the US, a conference in Brussels has heard.
The Digital Values event was jointly hosted by Microsoft and foreign policy think tank Carnegie Europe.
Safe Harbour was struck down by the Court of Justice of the European Union in Luxembourg last October following a challenge taken by Austrian privacy campaigner Max Schrems.
Mr Schrems had challenged the refusal of the Data Protection Commissioner in Ireland to investigate transfers of his personal data by Facebook from Ireland to the United States, claiming it was potentially being handed over to national security authorities there.
The court’s decision to strike down Safe Harbour, a deal agreed between the US and the European Commission in 2000, has created huge legal uncertainty for cloud computing and data transfers, and there is a political scramble to find an alternative by the end of January.
Data protection
About 4,000 companies used the agreement, under which they effectively self-certified that their protection of data was of a standard equivalent to that provided in the EU.
Speaking in Brussels yesterday, EU commissioner for Justice, Consumers and Gender Equality Vera Jourová said “only a comprehensive arrangement with clear legal commitments” could ensure the level of data protection Europeans were entitled to under EU law.
The Court of Justice ruling required that where personal data travelled, the protection had to travel with it in a system that gave “equivalent” protection to that enjoyed in the EU, she said.
“We have worked intensely over the last weeks to address the remaining open issues such as access by public authorities, redress possibilities for EU citizens, monitoring and enforcement. This week discussions will continue and meetings will be held at various levels, including in the margins of Davos,” Ms Jourová said.
On the question of surveillance and national security, the EU needed guarantees from the US that the principles of necessity and proportionality would be applied when the authorities requested data, she said.
‘Too big to fail’
Europe’s data protection authorities have threatened to take action to stop data transfers from the EU to the US if agreement is not reached on an alternative to Safe Harbour by the end of January.
Speaking at the Brussels event, Microsoft’s president and chief legal officer Brad Smith said the talks were “too big to fail”.
“We need a world in which people know that their rights will be protected by both their domestic and international law. And as the cloud moves around the world, we need to ensure that the law moves with it,” he said.
“We recognise that negotiations don’t always succeed by a particular deadline, or they may not come to fruition in every which way possible. But as we’ve also learned over time, even on days when one doesn’t completely succeed, it doesn’t mean that one needs to accept failure. We will need to press ahead across the Atlantic, in Europe and around the world, both with respect to the Safe Harbour agreement itself and these issues more broadly.”
Mr Smith said this was a year when we would see bigger debate about surveillance.