Since the dashing of the Safe Harbor agreement last October — the measure implemented in 2000 that allowed U.S. tech companies to use a single standard for consumer privacy and data storage on both continents without having to abide by multiple countries’ sets of regulations — a huge question mark has hung over the Atlantic regarding how to proceed with the retention, exchange, and use of user data. European privacy regulators have been grasping for ways to control where Europeans’ data goes and how it is used — quite the messy task given the proliferation of American technology companies and particularly the global use of U.S.-based social networks. But on Tuesday, the E.U. Commission and the U.S. set an agreement for a new framework for transatlantic data flows dubbed the “EU-US Privacy Shield.”
As Blouin News reported on Monday, most large internet companies like Google, Amazon, and Facebook are dependent on user data for revenue and evolving services/products. They openly criticized the striking of the Safe Harbor agreement as damaging to the U.S.-E.U. digital economy — a source of worry for analysts in multiple industries. In fact, it is arguable that the chief concern in the months following the destruction of the Safe Harbor agreement has been the potential disruption of the entire transatlantic digital economy. While clearly a deal that favored large businesses, Safe Harbor did in fact provide some structure for transferring data between continents. Without that structure, both government and the private sector have been worried about how to proceed with data transfer and use — key elements to business operation for most companies, not just Silicon Valley-based ones. The New York Times notes that pharmaceutical companies like Pfizer and other conglomerates such as General Electric also depended on Safe Harbor to send customer and employee data between the United States and Europe.
Part of the European Commission’s statement reads:
The new arrangement will provide stronger obligations on companies in the U.S. to protect the personal data of Europeans and stronger monitoring and enforcement by the U.S. Department of Commerce and Federal Trade Commission (FTC), including through increased cooperation with European Data Protection Authorities. The new arrangement includes commitments by the U.S. that possibilities under U.S. law for public authorities to access personal data transferred under the new arrangement will be subject to clear conditions, limitations and oversight, preventing generalised access. Europeans will have the possibility to raise any enquiry or complaint in this context with a dedicated new Ombudsperson.
The European Commission has spent the last couple of years cracking down on American technology companies regarding the privacy of Europeans’ data as it flows between continents. And the negotiations that preceded Tuesday’s agreement had been fraught with vocalized requirements from European privacy watchdogs who want to significantly limit the potential for American intelligence agencies to get their hands on Europeans’ data as it flows between continents.
Critics say that this latest agreement does little if nothing to change the status of data exchange between Europe and the U.S., but some groups have voiced their support. The Information Technology and Innovation Foundation (ITIF) released a statement from its Vice President Daniel Castro that reads, in part:
Going forward, the United States and EU should make a number of much-needed privacy reforms to continue rebuilding trust and cooperation and ensure the world’s most critical economic relationship continues to endure in the digital age. In the United States, this includes further surveillance reform and passing the Judicial Redress Act. In Europe, this means rejecting protectionist measures, such as a European Cloud, and fully embracing the spirit of a digital single market, not just in Europe, but globally.
It remains to be seen how this latest agreement will change relations between U.S. businesses and the E.C., if at all. But American tech companies are already embroiled in legal cases and on rocky ground with most European regulators that have anything to do with privacy. And all reports point to privacy advocates in Europe filing legal challenges, seeking to overturn the Shield. The issue may even return to the European Court of Justice. Stay tuned…