Tentative Safe Harbour Agreement Reached—For Now

By Rachel Holdgrafer, Business Content Strategist, Code42

02_03_16_safeharbour_blogThe European Union and the United States have reached a preliminary agreement that would allow companies doing business on both sides of the Atlantic to resume transmitting individuals’ digital data.

Struck down in October 2015 for failing to sufficiently protect European citizens’ data, transatlantic data transfer governed by the Safe Harbour Agreement is the life blood of thousands of companies including Google, Amazon and Pfizer. European privacy groups demanded that an agreement be reached by January 31 and while negotiators missed the deadline, they reached agreement on February 2.

The new legislation guarantees that U.S. intelligence agencies would not have:

indiscriminate access to Europeans’ digital data when it is sent across the Atlantic in the course of business.

It also puts more responsibility on U.S. companies to protect the data of European citizens. Additionally, the European Commission reports that European citizens who believe that their data has been misused will have several possibilities for redress.

Companies have deadlines to reply to complaints. European DPAs can refer complaints to the Department of Commerce and the Federal Trade Commission. In addition, Alternative Dispute resolution will be free of charge. For complaints on possible access by national intelligence authorities, a new Ombudsperson will be created.

But companies doing business in both Europe and the United States are not in the clear yet. The New York Times reports:

Many obstacles still await the deal, which must be officially approved by the union’s 28 member states. National data protection regulators have yet to give their support to the pact, and European privacy-rights advocates are preparing to file legal challenges seeking to overturn it.

European privacy groups are skeptical that the U.S. will uphold the data protection rights that European citizens demand and “support further restrictions on how companies can move the data if they suspect it may still be misused.”

Leave a Reply

The name and email fields are solely used to comment on posts. Cloud Security Alliance does no further processing of this data. See Section 3 of the CSA Privacy Policy for details.

Share this content on your favorite Social Network.