STRASBOURG – Following tough negotiations, the European Union and the United States on February 2 reached a long-awaited agreement on the EU-US Privacy Shield, replacing the Safe Harbor Framework.
The new deal provides “a renewed and safe” framework for transatlantic data flows, Commissioner for Justice, Consumers and Gender Equality Věra Jourová told a press conference in Strasbourg with Vice President for the Digital Single Market on the European Commission Andrus Ansip.
Jourová announced that she had just concluded talks with US Secretary of Commerce Penny Pritzker and “I’m very glad that the College of Commissioners has today supported the conclusion of negotiations on what I think is a strong and safe framework for the future of transatlantic data flows”.
On February 3, Pritzker thanked Jourová and her team in a statement, saying, “This historic agreement is a major achievement for privacy and for businesses on both sides of the Atlantic. It provides certainty that will help grow the digital economy by ensuring that thousands of European and American businesses and millions of individuals can continue to access services online”. The Privacy Shield strengthens cooperation between the Federal Trade Commission and EU Data Protection Authorities, he said.
EU Commission First Vice-President Frans Timmermans spoke with US Secretary of State John Kerry on February 2 before the deal was officially announced.
Meanwhile, at the press conference in Strasbourg on February 2, Jourová said the agreement is the result of very tough complex and politically sensitive negotiations especially over the past three months to find an arrangement that protects the fundamental rights of Europeans and ensures legal certainty for businesses.
“The new arrangement lives up to the requirements of the European Court of Justice. It will also be a living mechanism that will be checked up continuously to check whether it functions well,” Jourová told the well-attended press conference.
“We have achieved clear safeguards and transparency obligations of US government to data. And as Mr Ansip said for the first time ever the United States have given the EU bidding assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanism. The US will provide written assurances, notably from the office of the director of national intelligence in the White House,” she said, adding that the EU will hold the US accountable on the commitments they made.
Jourová stressed that the EU and US also agreed to monitor the functioning of this arrangement. “The Commission and the Department of Commerce will do an annual joint preview, which will serve to substantiate the commitments made. We will associate US national security experts and EU data protection authorities in that monitoring. In this way the US will be held accountable to its commitments. And the Commission will evaluate and report on the functioning of the arrangement once a year. So you see this will not be a one-off decision of the Commission but will be a continuous process done by the Commission,” she said.
Ansip said earlier at the press conference that the US side has clarified that they do not carry out indiscriminate mass surveillance of Europeans. “The US has undergone a substantial internal review as regards its national intelligence activities. This was part of [US] President [Barack] Obama’s speech in January 2014 and has now been reflected in the specific assurances we have received from the United States on transatlantic data flows. As a specific commitment under the new arrangement, the US will create the role of a special ‘Ombudsperson’ within the US State Department, who would follow-up complaints and enquiries by individuals on national security access, upon referral by EU data protection authorities,” Ansip said. “On the commercial side we have obtained strong oversight by the US Department of Commerce and the Federal Trade Commission of companies’ compliance with their obligations to protect EU personal data,” he said.
In 2013, trust between the EU and US was damaged after whistleblower Edward Snowden unveiled the scope of the American surveillance in Europe.
In an interview to New Europe after the agreement was reached, Jourová said, “at least the trust has been restored between the Commission and the partners on the American side”. “We have started this – I am convinced – functioning bridge between EU and US partners and we will have to care for this new scheme,” she said.
Reactions pour in after data deal
US Chamber of Commerce Executive Vice President and Head of International Affairs Myron Brilliant applauded the revised US-EU data transfer agreement, saying in a statement that it is critical not just to so-called Internet companies but to firms of all sizes and sectors in Europe and the US Failure could have prevented firms from carrying out basic business functions such as paying employees or interacting with customers in more than one market”.
EPP Group Data Protection spokesman MEP Axel Voss welcomed the agreement: “This new arrangement is of paramount importance to our digital economy,” he said. “When it comes to national intelligence, judicial redress is limited. Therefore it is important to have a functionally independent body who would answer complaints from EU citizens. This will be done by a US Ombudsman (as announced by Commissioner Jourova) with a real capacity to act, which will give an adequate reply to individual complaints,” Jourová said.
Sophie In’t Veld, ALDE first vice-president and spokesperson for data protection said: “We urgently need a thorough legal appraisal of the safeguards offered by the US. The legal status of these safeguards is very unclear. It is highly doubtful that they offer meaningful protection to European citizens, or if they meet the standards set by the ECJ”.
S&D Spokesperson for Civil Liberties, Justice and Home Affairs, Birgit Sippel acknowledged that it was good for European citizens and businesses that some form of agreement was reached. “However the agreement presented yesterday (February 2) does not appear to rectify the problems with the previous system and unless significant improvements are made then it is unlikely to stand up in court. The US authorities need to actually wake up and see that real changes are needed to their mass surveillance programs in order to address European citizen’s concerns. We call on both the US government and European Commission to recognise the seriousness of this or we will find ourselves back in the same position in two years”.
Civil Liberties Committee Chair MEP Claude Moraes said the European Parliament should insist on the binding and written assurances suggested by the US for the new EU-US data transfer deal. He expressed his “key concerns about an announcement which is not underpinned by any actual text”.
MEP Viviane Reding said she finds the outcome ambiguous and deems the proposed Commission decision premature. “There is progress on the other side of the Atlantic. The enhanced cooperation of the European data protection authorities with the Department of Commerce and the Federal Trade Commission is a positive development. So is the annual joint review. The appointment of an Ombudsperson is an interesting new institutional feature, but his true powers remain vague. The question remains: will this be enough to protect personal data and provide legal certainty?” declared Reding.
DIGITALEUROPE welcomed the new agreement. “We applaud the work of the European and US negotiators over recent months. We hope a new Decision will be presented shortly and that it will re-establish a sustainable path for data transfers between the EU and US while safeguarding data privacy and bringing legal clarity to businesses,” DIGITALEUROPE Director General John Higgins said.
European Digital Rights (EDRi) Executive Director Joe McNamee criticised the deal, saying, “The emperor is trying on a new set of clothes”. “Today’s (February 2) announcement means that European citizens and businesses on both sides of the Atlantic face an extended period of uncertainty while waiting for this new stop-gap solution to fail”.