U.S., EU Agree on Privacy Shield to Maintain Transatlantic Data Flow

NEWS ANALYSIS: There are stumbling blocks, however, to a signed agreement, as European privacy advocates are wary of the agreement and  European privacy agencies are already looking to file a challenge to it.

Data Safe Harbor

The free flow of petabytes of data transmitted by the largest corporations and private citizens will continue across the Atlantic Ocean as the result of a new "safe harbor" agreement reached Feb. 2 between the United States and the European Union to protect data transfers between the United States and EU member nations.

The agreement replaces a 15-year-old pact that the EU's highest court struck down in October 2015 because it failed to protect the data of European citizens from snooping by U.S. intelligence or police authorities.

Months of intense negotiations in Brussels, Belgium, the headquarters of the European Commission, finally yielded results a couple of days past the Jan. 31 deadline. The talks were closely watched by the world's tech community because a failure to reach a timely agreement could conceivably have disrupted or at least complicated transatlantic data transfers.

Right now, EU negotiators are pleased that they got the concessions they wanted, which limit access to the private data of Europeans by U.S. intelligence agencies.

U.S. Commerce Department officials, meanwhile, seemed almost giddy with delight as they discussed the agreement's terms at a press conference, especially since some of the world's largest corporations—including Google, Facebook and Amazon.com—were holding their feet to the fire. But there is still a great deal of uncertainty about whether the current informal framework of the draft agreement will hold water long enough to go into effect.

U.S. concessions include guarantees, renewed annually, of privacy for the personal information of European citizens. These agreements would include limits on what U.S. companies can do with such data along with restrictions on the interception of data by the U.S. intelligence community as it flows between the two continents.

There are also a number of methods that Europeans can use to contest any attempts to gather data, including judicial redress, ombudsman positions at the U.S. Department of State, and monitoring by the Commerce Department and the Federal Trade Commission.

Unfortunately, there are also some stumbling blocks in the road to a final, signed agreement. The current negotiated framework must be turned into an actual written agreement that is acceptable to both sides. After the draft agreement is reviewed and revised, it will be turned into a final form, which must then be ratified by each of the EU member nations.

While the European Commission may think the agreement is solid, that doesn't really matter. It will eventually be reviewed by European privacy agencies, of which each member nation has one. The EC has no authority over those agencies at all, and the privacy agencies can accept or reject the new agreement for their own reasons.

Complicating matters are the concepts of privacy in a Europe with fresh memories of world wars, dictatorships, police states, genocide and ethnic cleansing. As a result, the European view of privacy is far more extreme than it is the United States.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...