U.S.-European Data Transfer Deal Expires (Feb. 1, 2016)
A data transfer deal between the U.S. and European Union that includes financial information has expired.
The Safe Harbor deal, already struck down by the European Court of Justice in October, was due to be renegotiated by Sunday, Jan. 31. That deadline passed but reports say that European negotiators are set to meet Tuesday to craft a response to the situation. The missed deadline opens the possibility of legal penalties being imposed.
The 15-year-old Safe Harbor deal enabled U.S. companies to handle the personal data of users in the EU without being subjected to EU privacy rules, which are generally stricter than U.S. rules. The deal applied not only to the likes of Google and Facebook but payments and financial services companies. European regulators have threatened to take legal action against U.S. companies in the absence of a deal though it was unclear today if that would happen. The absence of a renewed deal would lead to U.S. companies having to follow data-protection rules set by the EU’s 28 member states instead of dealing with one rule for the bloc.
When it struck down Safe Harbor last year, the European Court of Justice, the continent’s highest court, said that the deal exposed personal data of EU citizens to “indiscriminate surveillance” by U.S authorities and didn’t provide a channel for citizens to seek legal redress for improperly accessed personal data. In the U.S., the House of Representatives has proposed a solution that involves giving U.S. privacy protections to EU citizens but that idea remains stuck in Congress. A Senate committee last week approved its version of the Judicial Redress Act, which would give EU citizens the right to challenge misuse of their personal data in a U.S. court. But an 11th-hour amendment from Republicans has dismayed the European Commission, potentially imperiling the Safe Harbor talks, according to a report in The Hill. “The add-on was a compromise offered to assuage concerns from some Republicans who thought the bill was a ‘concession’ to the EU,” the report notes. “The extra provision would require the European countries covered by the bill to allow commercial data transfers with the U.S. In addition, it includes a clause stating that the bill cannot impede U.S. national security interests.”