Both U.S. and European officials said Tuesday that while negotiations over a new Safe Harbor agreement have been productive, time is running short to formally finalize an accord before European data privacy regulators decide to take action against U.S. companies.
A Commerce Department representative and member of the European Union’s delegation spoke Monday as both sides hurry to complete a deal that will allow for the legal transmission of E.U. citizens’ personal data to the U.S. Justin Antonipillai, a counselor for Commerce’s undersecretary for economic affairs said there has been “constructive dialogue,” but now is the “time to act.”
“We are very, very focused on making sure that the Safe Harbor is improved, that we respect both sides institutions and laws, that we provide enough information about how our law enforcement and national security apparatuses operate and all of the limitations in which they do operate,” Antonipillai said at the Internet Education Foundation’s State of the Net Conference in Washington, D.C.
The initial Safe Harbor agreement, which was created in 2000, was invalidated last October when the European Court of Justice ruled that the NSA’s surveillance practices violated the agreement, because the self-certifications from U.S. companies could no longer be trusted due to the legal authority the agency had to enforce their cooperation.
European privacy regulators gave officials a deadline of Jan. 31 to reach a new deal.
Andrea Glorioso, who has represented the E.U. during the negotiations, said both sides are continuing to work in good faith despite the court ruling, noting that they were working on updating the Safe Harbor agreement long before the October ECJ ruling.
One of the bigger sticking points for the agreement has been the Judicial Redress Act, which is scheduled for markup this week. The act would extend data protections and remedies available to U.S. citizens under privacy law to European Union citizens giving them a framework for legal recourse — known as the Umbrella agreement — if U.S. agencies are found to violate the privacy rights of European citizens.
Glorioso said that despite the calls for the act to be passed in order to speed up Safe Harbor negotiations, he doesn’t feel it’s a necessary piece of the puzzle.
“Throughout our discussions, we have not asked for legislative changes in the U.S,” he said. “Our objective is to arrive at a situation which is satisfactory on both sides. Call us naive, but we think there is flexibility for us to achieve what we want to achieve within the legal framework within the U.S.”
While both sides seem to be positive that a deal will get done, a trade group representing many companies that would be affected by the failure to reach agreement said they have are growing uneasy as the deadline looms.
“Uncertainty is the best way to characterize where my companies currently sit,” said Bijan Madhani, a lawyer with the Computer & Communications Industry Association. “Over the past three months, they have been sitting on a knife’s edge because they are operating in good faith under the prior Safe Harbor that was in existence. With a tenuous legal basis as best, the Jan. 31 deadline has loomed ominously.”
Contact the reporter on this story via email at email@example.com, or follow him on Twitter at @gregotto. His OTR and PGP info can be found here. Subscribe to the Daily Scoop for stories like this in your inbox every morning by signing up here: fdscp.com/sign-me-on.