EU, US agree new Internet privacy pact

Given the profound lack of trust between citizens and governments post-Snowden, it remains to be seen whether Privacy Shield can protect us where Safe Harbor failed.

The court invalidated Safe Harbor, which had been in place since 2005, following the revelations of Edward Snowden, and pressure from European regulators to rein in American surveillance.

Expectations for a new deal were low. On Wednesday, privacy regulators from across Europe will also offer their views on the “Privacy Shield”.

EU Justice Commissioner Vera Jourova announced the latest deal in a message on Twitter.

The most likely outcome was thought to be an extension of the deadline, granted by the EU’s privacy regulators.

The United States and the European Union has made a deal over data sharing. This will be reviewed each year by the EC and the Department of Commerce to ensure that it functions as intended. The first annual review will take place in 2017, Jourova said.

“The US has given binding assurances that access for law enforcement will be subject to clear limitations, safeguards and oversight…” Written assurances have been provided by the US Director of National Intelligence. The U.S. has ruled out indiscriminate mass surveillance on the personal data transferred to the USA under the new arrangement.

Dautlich said businesses have faced challenges when carrying out due diligence on their data transfer arrangements in the past few months since the CJEU ruling, including establishing which of their contracts concern the transfer of personal data and understanding complex sub-contracting arrangements.

The College has today mandated Vice-President Ansip and Commissioner Jourová to prepare a draft “adequacy decision” in the coming weeks, which could then be adopted by the College after obtaining the advice of the Article 29 Working Party and after consulting a committee composed of representatives of the Member States. While the agreement is “an important milestone”, said Daniel Castro, a vice president at the Information Technology and Innovation Foundation, “the big question right now is whether the agreement will withstand the inevitable court challenge”.

That changed this fall when an Austrian law student brought suit against Facebook over its privacy policies, saying they weren’t up to European privacy standards. When US companies operating in Europe sign up to Safe Harbor and transfer data to the US, they promise to protect personal data as though the data is still in Europe, where data protection and privacy laws are stronger.

The two countries have been trying to push the deal since October.

“We are confident we have met the requirements of the ruling as well as the various issues that have arisen”, Ms. Pritzker said. “This seems like absolutely no legal certainty whatsoever”.

Veld was skeptical of some of the proposed measures.

One person familiar with the matter said United States ideas for improving oversight of the new data transfer framework – such as creating an “ombudsman” – could change the authorities’ view of USA rules governing its surveillance practices.