US and EU firms warn of “enormous” consequences if data pact talks fail
The two largest American and European trade groups have warned of “enormous” consequences for thousands of businesses and millions of users if Brussels and Washington fail to wrap up talks on a data transfer pact by the end of the month. The United States and Washington accelerated negotiations on a new framework enabling firms to easily transfer personal data across the Atlantic after the previous one was struck down by a top EU court last year on concerns about US snooping. Under European Union data protection law, companies cannot transfer EU citizens’ personal data to countries outside the bloc deemed to have insufficient privacy safeguards, of which the United States is one. Since the EU’s highest court ruled on October 6 that the 15-year-old Safe Harbour framework, used by over 4,000 firms to transfer Europeans’ data to the United States, did not adequately protect the data because US national security requirements trumped privacy safeguards, firms on both sides of the Atlantic have been in legal limbo. In a letter, seen by Reuters, to US president Barack Obama, European Commission president Jean-Claude Juncker and the 28 European heads of state, four business associations warned of the dire economic impact if data flows between the two blocs were disrupted. “This issue must be resolved immediately or the consequences could be enormous for the thousands of businesses and millions of users impacted,” the letter from US Chamber of Commerce, BusinessEurope, DigitalEurope and the Information Technology Industry Council says. The groups also ask for a transition period to comply with any revised data transfer framework, especially for those small and medium-sized businesses that relied entirely on Safe Harbour. Impending deadline European Union data protection authorities gave Brussels and Washington until the end of January to forge a new pact and businesses the same deadline to set up alternative legal channels to transfer personal data across the Atlantic, such as binding corporate rules within multinationals or model clauses. While a political agreement may be possible in that time, ironing out the legal details will take longer, according to a person familiar with the talks. However the business groups warn that all data transfer mechanisms are in jeopardy as a result of the EU ruling, something echoed by lawyers, and that could impact nearly all financial transactions between the two largest economies in the world. “We therefore urge your leadership to ensure a durable legal framework for transatlantic data flows in the future,” the letter says. EU privacy regulators are due to meet on February 2 to decide if they should start taking enforcement action against companies if they come to the conclusion that all transfer mechanisms fall foul of EU law and there is no new framework in place. Revelations two years ago of mass US surveillance programmes where American authorities collected private information directly from big tech firms like Apple, Facebook and Google riled Europe and set the stage for the European Court of Justice ruling.