European governments have approved the new agreement after the last one was struck down for not guarding citizens’ privacy. Certain protective measures have been added, though not enough to convince four countries.
A majority of European governments have accepted a commercial data transfer pact first agreed to in February by the European Commission and the United States, making it possible for the new framework to enter into effect as soon as next week.
The pact, coined “Privacy Shield,” supplies the legal framework for companies – which together represent $250 billion (226 billion euros) annually in transatlantic digital trade – to move their data between the US and the EU.
German Economics Minister Sigmar Gabriel noted that data volumes in industry, services and private communications were “multiplying in ever shorter cycles,” with business models being increasingly based on global transfers.
“Therefore, our companies urgently need a safe legal framework,” he said in a statement, adding that the ministry had held intense consultations with businesses and data protection authorities during the process.
Privacy Shield serves as a replacement for the “Safe Harbor” agreement signed in 2000, which was struck down by Europe’s top court last October. The court’s ruling had come amid worries that the agreement left the door open for undue US government access to the data of European citizens.
Data privacy has grown into a fiercely protected right in the EU, especially in the aftermath of Edward Snowden’s 2013 revelations of mass surveillance carried out by the US – and often targeted at its European allies.
Such concerns led the EU’s data protection authorities to demand further measures to ensure privacy after the US and the EU reached a provisional agreement on the new pact in February.
Will it live up to its name?
In an attempt to answer these concerns, the parties have worked out a system to give EU citizens more legal redress if they believe their privacy is being infringed upon by data being held in the US. An ombudsman will be created in the US State Department to receive such complaints.
In a joint statement Thursday, European Commission Vice President Andrus Ansip and Justice Commissioner Vera Jourova said the new agreement “is fundamentally different from the old Safe Harbor.”
Safe Harbor allowed companies to store data on more laxly regulated US servers so long as they said the data complied with the EU’s rules – such as deleting data after a certain amount of time.
Furthermore, according to Ansip and Jourova, the US government has given “written assurance” that it will limit itself and put in safeguards in regards to accessing data and that it will not carry out indiscriminate mass surveillance of European citizens’ data.
Not convinced that the pact went far enough to protect privacy, Austria, Slovenia, Bulgaria and Croatia abstained from voting for its approval.
jtm/uhe (European Commission, Reuters, German Economic Ministry)