New trans-Atlantic data deal welcomed on Capitol Hill
A framework governing the transfer of European citizens' data into systems owned by U.S. companies includes more consequences for U.S. firms that don't play by the new privacy rules.
After months of wrangling, U.S. and European officials arrived at a new set of privacy rules for personal data moving across the Atlantic. The rules, hammered out in the wake of surveillance revelations by former National Security Agency contractor Edward Snowden, spell out limits on access to information for law enforcement and security purposes.
The new agreement, dubbed the EU-US Privacy Shield, is in line with European countries' stricter data-protection rules and provides for redress for individuals who feel their data has been improperly used.
"For the first time ever, the United States has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms," EU Commissioner Věra Jourová said in a statement. "Also for the first time, EU citizens will benefit from redress mechanisms in this area."
The news was welcomed on Capitol Hill, where lawmakers had been concerned about roadblocks to trans-Atlantic commerce arising from the lack of an agreement that protected national security and personal privacy.
"I think those are always a balancing act," Sen. John Cornyn (R-Texas), a member of the Senate Judiciary Committee, told FCW. "What we tried to do in the Judiciary Committee and now with the Safe Harbor provision is to try to address both of those, and I think we've made some important progress."
Sen. John Thune (R-S.D.), chairman of the Commerce, Science and Transportation Committee, agreed. He led efforts by 50 other lawmakers last year to put pressure on Commerce Secretary Penny Pritzker and Federal Trade Commission Chairwoman Edith Ramirez to finalize the framework.
"This agreement is a needed victory for job-creation efforts in an already turbulent global economic situation," Thune said in a statement urging officials to implement the agreement without delay.
The framework also imposes an annual review to make sure U.S. intelligence agencies are not given access to the data of EU citizens, unless deemed critical.
Carl Schonander, senior director for international public policy at the Software and Information Industry Association, told FCW that he welcomes the new framework.
"For us, the most important thing is that countries [have] what we call interoperability mechanisms that allow for cross-border data transfers," he said. "The privacy shield is one such mechanism."
He also praised officials for negotiating a "living" agreement that will undergo an annual review process. "We will have to see once the system is put in place how that works," he said.
He added that "there needs to be a transition period so that companies adopt whatever new rules are contained in the privacy shield and implement them."
The rules could be implemented by early April. Meanwhile, the Senate is still considering the Judicial Redress Act, which extends benefits of U.S. privacy law to EU citizens so that they can challenge American companies in U.S. court if they feel their personal data has been misused.