Login Register Subscribe
Current Issue

E.U. seeks to reassure companies about trans-Atlantic data transfers

Reprints

(Reuters) — The European Commission on Friday will seek to reassure firms operating on both sides of the Atlantic that they can continue to transfer Europeans' personal data to the United States after a court struck down a system used by over 4,000 companies to do just that.

The highest E.U. court last month ruled that Safe Harbor, which for 15 years has helped firms avoid cumbersome checks to transfer data between offices on both sides of the Atlantic, did not sufficiently protect E.U. citizens since the requirements of American national security, public interest and law enforcement trumped the privacy safeguards it contained.

U.S. and E.U. companies, from Google Inc. to Microsoft Corp., shuffle personal data across the Atlantic on a daily basis, whether it is employee data for multinationals whose human resources functions are in the United States, or user data collected by web companies to be used in the billion-dollar online advertising market.

The Commission, which is negotiating a new data transfer arrangement with the United States, will issue an explanation of the ruling to guide businesses, and reassure them that a new E.U.-U.S. data transfer deal is a priority, an E.U. official said.

"It's important to restate and reconfirm ... that the alternative tools can be used, because that is an important basis for businesses who had acted under Safe Harbor in good faith," the official said.

The Safe Harbor system allowed companies to self-certify that they complied with E.U. privacy law when transferring E.U. citizens' personal data to outside countries deemed to have insufficient safeguards, which include the United States.

A group bringing together the 28 E.U. data protection authorities gave firms a three-month grace period to put in place alternative legal tools.

However, last week German data protection authorities said they would not issue any new authorizations for data transfers to the United States on the basis of binding corporate rules or standard contractual clauses.

The Commission will on Friday also reassure firms that arrangements similar to Safe Harbor regulating data transfers to countries such as Argentina, Canada, Israel, New Zealand and Switzerland are not affected by the ruling, the official said.

These arrangements will, however, have to be reviewed regularly under a new E.U. data protection law.