The European Commission must soon strike a deal to regulate personal data transfers of EU citizens to the U.S., Germany's federal data protection commissioner warned, saying further delays could trigger a suspension of those transfers, with dire economic consequences.
The EU and the U.S. have been renegotiating the EU Safe Harbor framework since the end of 2013. The deal stemming from 1998 governs the way in which personal data from EU citizens is protected when it is transmitted to the U.S., and its policies have to be taken into account by companies like Facebook, Google and Microsoft who want to process such data. Cancelling the deal could have major implications for those companies.
A deadline for a renewed deal was set for the summer of 2014, but no end to the negotiations is in sight, Germany's Federal Commissioner for Data Protection and Freedom of Information Andrea Voßhoff said Tuesday.
It is now time for the European Commission to be clear, Voßhoff said. She called on both the EU and the U.S. to quickly reach an agreement. "A failure of the negotiations may result in the suspension of data transfers to the US by data protection authorities and thus have considerable economic consequences," she said in a news release.
Voßhoff made her remarks in Berlin on Wednesday ahead of a meeting of German data protection commissioners who will discuss a possible cancellation of the agreement.
Voßhoff said the European Commission should not exclude the possibility of suspending or canceling Safe Harbor if no solution is found to adequately protect the fundamental rights of European citizens in a timely manner. She also reminded European Commissioner for the Digital Single Market, Andrus Ansip of his threat to suspend the agreement because it is not safe.
The EU demanded a renegotiation of the deal to better protect personal data after the Snowden revelations showed the extent of the U.S. National Security Agency's (NSA) spying programs.
The Commission in 2013 gave the U.S. 13 demands it should comply with, of which 11 were sorted out last November.
The remaining two issues involved U.S. national security. The most important of the two is a requirement for the U.S. to only use the national security exception in the Safe Harbor agreement "to an extent that is strictly necessary or proportionate."
The EU's justice Commissioner Vra Jourová told the European Parliament last week that discussions with the U.S. to implement the 13 recommendations "are progressing." Since then, nothing has changed, a Commission official said Tuesday.
"As you know, we have made it very clear to the U.S. that the Safe Harbor will not be able to continue without sufficient guarantees on national security access. This is an entire package," Jourová said, adding that recently for the first time, the Commission had "registered concrete engagement from the US on this issue."
"Access to data for national security purposes must be limited to what is necessary and proportionate. And we hope to be able to report soon on progress in this respect," Jourová said, adding that the Commission will stand firm on the issue and that her goal is to strike a deal with the U.S. by the end of May.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, online payment issues as well as EU technology policy and regulation for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.