Jourová Confident US-EU Safe Harbor Pact Will Be Reached
European Justice Commissioner Vĕra Jourová said she is confident the EU and U.S. will successfully agree to a new safe harbor framework by Jan. 31 that ensures the protection of personal data of EU citizens transferred to the U.S. But Jourová, speaking Monday at the Brookings Institution, also indicated surveillance issues, including law enforcement and national security access to Europeans’ data, are still a major focus in the ongoing discussions. Jan. 31 is when EU data protection authorities could start enforcement against U.S. companies transferring data without safeguards in the absence of the previous safe harbor.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Jourová, who arrived in Washington last week to meet with several high-level federal officials, including Commerce Secretary Penny Pritzker, spoke about surveillance, in part, in the context of Friday’s terrorist attack in Paris that killed about 129 people. “Against the recent attacks in Paris, it is important to stress that targeted access can become crucial for insights in the fight against terrorism,” she said. “We need to ensure that there are sufficient limitations and safeguards in place to prevent access or use of personal data in a generalized basis and we need to ensure that there is sufficient judicial control over such activities. This remains the biggest challenge in the [European Court of Justice's (ECJ)] judgment.”
The ECJ ruled Oct. 6 that the 15-year safe harbor agreement between the EU and U.S. was invalid, causing uncertainty and confusion in business communities on both sides of the Atlantic. Many saw the ruling as a judgment against the U.S. surveillance methods.
“We still need more clarification and better description of the exceptions, which justify the access to data under safe harbor and we need to find all the possible ways how we can continuously monitor the consistency and proportionality of surveillance of … the data of European citizens collected by companies under safe harbor," Jourová said. “Because these general expressions might have very different interpretations across the Atlantic.”
“I think it’s important that Commissioner Jourová continues the dialogue,” said Electronic Privacy Information Center President Marc Rotenberg, who attended the event, in an interview. “But on the U.S. consumer side, we see a clear need for changes in U.S. law and we think that’s what the [European] Court of Justice will require as well.” Rotenberg has said that the U.S. needs to update its privacy laws to ensure that it's a human right (see 1511030034). But he said he doesn’t think the Paris attack will significantly affect the negotiations.
Speaking with reporters, Jourová said she “will finalize some of the issues which have been hanging for a long time.” And any agreement that is reached needs to be approved by the European Commission, she said, saying the European government will be transparent in communicating the deal to the 28 member states. She said the discussions with the U.S. have yielded results. For instance, she said, the Commerce Department is committed to more oversight, and the FTC and data protection authorities (DPAs) in Europe also have agreed to cooperate in a stronger way.
“This will transform the system from a purely self-regulating one to an oversight system that is more responsive as well as proactive,” Jourová said. “We are also working with the U.S. to put into place an annual joint review mechanism that will cover all aspects of the functioning of the new framework, including the use of exceptions for law enforcement and national security grounds and that will include the relevant authorities from both sides.”
Jourová also lauded the Judicial Redress Act (HR-1428), which the House approved Oct. 20 and is now under consideration in the Senate. She said it addresses the major concern that European citizens will be able to get access to or correct their personal data if there is an error in their data. “The Judicial Redress bill will extend the rights that U.S. citizens and residents enjoy under the 1974 Privacy Act also to Europeans. This is a long-awaited and historical step and we appreciate the efforts of the administration and Congress so far. It would end a de facto discrimination,” she said. “Where personal data travels, the protection has to travel with it.”
Asked what would happen if no deal is reached by Jan. 31, Jourová said the deadline was established by the EC and not imposed by the DPAs. Some observers have said DPAs could bring coordinated enforcement if there is no safe harbor framework (see 1511100061). Jourová said it may be a good question to ask the individual DPAs, but said a deal would be reached within the time frame. If that happens not to be the case, Jourová's staff will continue to negotiate with the Commerce Department. “We can only do it after we are 100 percent sure that the system will work,” she said. “This was also a misunderstanding between us and the American authorities or negotiators because they thought that we got the deal … in the summer and we did not.”