Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Safe Harbor crunch time: Today's the day to hammer out privacy deal

US, Euro officials still wrangling over security services' access to your personal data

US and EC (European Commission) officials have until the end of the day today to reach a new Safe Harbor agreement or risk a breakdown of transatlantic e-commerce.

Despite furious efforts over three months and, for the past few weeks, daily meetings between officials, the two sides are still reportedly at loggerheads over two issues:

  • A clear explanation over what access US security services have to data sent from Europe.
  • How European citizens can sue if they believe their data has been mishandled.

Both issues were flagged more than a week ago, and despite officials being tight-lipped about negotiations, the impending deadline has resulted in a number of leaks about what is being proposed.

US officials claim to have given a thorough and clear rundown of what rules the US security services (including the NSA) operate under, and what access they have to data under what specific circumstances.

European officials, however, continue to have questions over that explanation, especially how the US government chooses to define the term "exceptional circumstances" – a phrase that would appear to still grant the NSA the right to carry out mass surveillance.

As for providing European citizens with a right to judicial review, the US has reportedly suggested the creation of an ombudsman to deal with complaints and information requests from individuals. The ombudsman would be based in the State Department – as opposed to Commerce or another arm.

That approach will be made possible by the last-minute approval of the Judicial Redress Act, which is currently waiting on a Senate vote.

European officials are unsure whether that arrangement would provide real accountability or is just a sop to get the deal done. Their proposal is to let European data protection authorities investigate complaints.

Dynamic

While the US has previously had a lot of success with this approach – playing hardball but making sure it remains in overall control of everything – the negotiations are a little different this time around.

Since the Safe Harbor agreement was struck down by a ruling of the European Court of Justice, EC officials are obliged to make sure the ECJ's concerns are dealt with adequately. Diplomatic fudges and creative ambiguity are in limited supply. In addition, a failure to reach agreement would disproportionately impact US businesses such as Facebook and Google, putting US negotiators in a tough spot.

That said, the deadline remains in one sense arbitrary. It was set by the Article 29 Working Party as a way to force the two sides to reach agreement, after three years of making little progress.

A key US negotiator even pegged the deadline not as January 31, but to the next meeting of the Working Party on Tuesday, February 2. Even if agreement were reached in time, it would still take several months for it to be approved and enacted.

If agreement is not reached, it falls to the Article 29 Working Party to decide what to do. It has previously warned if there is no agreement that it would "take all necessary and appropriate actions, which may include coordinated enforcement actions."

But quite what those actions would be and how they would be enforced is uncertain. It's certainly something that both US and EC officials – and businesses on both sides of the Atlantic – want to avoid.

Some companies have claimed that changes to their terms and conditions have the same sort of legal protection that the Safe Harbor agreement provided. But it is likely that the Article 29 Working Party will simply disagree with that claim, putting companies in the position of having to decide whether to halt transatlantic data transfers or continue on as usual and risk facing legal challenges.

What does happen will be decided in the next 24 hours. ®

Similar topics

TIP US OFF

Send us news


Other stories you might like