The “safe harbour” agreement between the EU and the US – which allows for transatlantic data transfers – could be scrapped after EU justice minister Viviene Reding revealed her department has kicked off a review of the pact.
The deal, in place since the late Nineties, allows US companies to satisfy EU data rules by signing up to a self-reporting scheme, supervised by the US federal trade commission.
It is based on the principle that US data privacy standards are equivalent to those in Europe and is embraced by Google and Facebook, as well as thousands of smaller US tech companies.
But following the Prism-gate spy scandal, Reding has argued that it “it could be a loophole” that allowed companies to shift data to the US where “data protection standards are lower than our European ones”. She added: “The safe-harbour agreement may not be so safe after all.”
The commissioner is expected to propose recommendations before the end of the year, such as scrapping the provision altogether, adding fresh conditions or leaving it intact – although reports suggest the latter option was unlikely.
“Prism has been a wake-up call. The data protection reform is Europe’s answer,” said Reding.
Legal experts believe a reassessment of the safe harbour was inevitable given the EU’s shake-up of European data protection laws. Under the proposals, non-European companies will be forced to comply with EU laws in full when serving European customers. However, that US officials argue this is far too prescriptive.
Merkel fury could hit EU data fight
Prism-gate row: now Sorrell wades in
EU chiefs calm fears over opt-in
Prism-gate may scupper EU data war
Prism row engulfs marketing data
New delay fuels EU data warning
Clock ticks on EU after new delay
EU: ‘Don’t panic, don’t panic’ – ICO
EU data laws ‘may never be passed’
Sceptics blast EU consent claims
Industry hails EU ‘extra time’
EU data laws enter the ‘hot phase’
EU data law: ‘It’s the DMA wot won it’
Does anyone give a toss about DM?
MEPs pass 900 amendments to data laws