WASHINGTON — The Computer & Communications Industry Association, BSA/The Software Alliance and others were welcoming the news Tuesday (Feb. 2) that U.S. and European Union negotiators had struck an agreement on a new Safe Harbor framework for commercial data flows between the U.S. and Europe; The State Department confirmed that an agreement had been reached.
The U.S. and EU had a Jan. 31 deadline for coming up with a new framework before data protection actions could be brought after a European Union court in October invalidated the current safe harbor in the wake of Edward Snowden's revelations about U.S. government surveillance. (The U.S. and EU have a Jan. 31 deadline for coming up with a new framework before data protection actions can be brought after a European Union court in October invalidated the current safe harbor in the wake of Edward Snowden's revelations about U.S. government surveillance.). But in advance of more negotiations, Justin Antonipillai, deputy general counsel of the Department of Commerce and a leading figure in those negotiations, had suggested the deadline was actually going to be Feb. 2 given that Jan. 31 was a Sunday and there were working party meetings set for Feb. 2.
The agreement affects thousands of U.S. companies storing data of citizens of EU member states. The U.S. and EU have been working on a new agreement since the 2013 Snowden revelations, but the court decision imposed that deadline.
In a conference call with repporters, Secretary of Commerce Penny Pritzker called the deal essential to transatlantic commerce and outlined the highlights of the agreement, which she dubbed a "privacy shield."
She said those include a new ombudsman for national security, that the Federal Trade Commission will team with EU data protection agencies on complaints, a cost-free alternative complaint resolution mechanism, and an arbitration mechanism as a last resort.
Pritzker said she believed the new harbor/shield will pass muster with the EU court decision.
The safe harbor agreement is not a treaty, but a voluntary agreement supported by various government agencies.
“We welcome the agreement, which will provide strong privacy safeguards for consumers and legal certainty for the thousands of companies that depend on transatlantic data flows," CCIA said in a statement. "We commend the European Commission and U.S. negotiators for agreeing on a strengthened framework, which we will now examine in further detail.”
CCIA also said there should be some flexibility in transitioning to the new agreement once it is finalized.
“We call on European Data Protection Authorities to endorse this new and strengthened framework and give time for Safe Harbor companies to transition. We also urge that existing commercial data transfer mechanisms remain viable.”
“We, Europe and the United States, are in this together, and are encouraged by this achievement that will promote a stable and secure environment,” said Victoria Espinel, president and CEO of BSA|The Software Alliance. “We and our member companies stand ready to work with data protection authorities and all interested stakeholders to determine ways to ensure a smooth transition to this much-needed new framework.”
The deal must still be approved by the EU member states and privacy groups last week were threatening to challenge it in court.
"In the wake of the Snowden disclosures, European citizens and policymakers are understandably concerned about privacy safeguards in U.S. law," said the Information Technology and Innovation Foundation, "[b]ut abruptly revoking the Safe Harbor agreement was the wrong way to address those concerns. We are pleased that U.S. and European policymakers have resolved this issue and support the free flow of data between these two markets. We hope the new agreement signifies a line of thinking that will shape future EU policy decisions as well."