EU-U.S. commercial data transfer pact clears final hurdle

A Google search page is seen through a magnifying glass in this photo illustration taken in Berlin, August 11, 2015.

Reuters/Pawel Kopczynski/Files

A commercial data transfer pact provisionally agreed by the EU executive and the United States in February received the green light from EU governments on Friday, the European Commission said, paving the way for it to come into effect next week.

Its introduction should end months of legal limbo for companies such as Google, Facebook and MasterCard after the EU’s top court struck down the previous data transfer framework, Safe Harbour, on concerns about intrusive U.S. surveillance.

Representatives of European Union member states voted in favor of the EU-U.S. Privacy Shield, which will underpin over $250 billion dollars of transatlantic trade in digital services by facilitating cross-border data transfers that are crucial to international business.

“Today member states have given their strong support to the EU-U.S. Privacy Shield, the renewed safe framework for transatlantic data flows,” Commission Vice-President Andrus Ansip and Justice Commissioner Vera Jourova said in a statement.

The Commission, the EU executive, will formally adopt the Privacy Shield on Tuesday.

The Privacy Shield seeks to strengthen the protection of Europeans whose data is moved to U.S. servers by giving EU citizens greater means to seek redress in case of disputes.

For 15 years Safe Harbour allowed both U.S. and European firms to get around tough EU data transferral rules by stating they complied with European privacy standards when storing information on U.S. servers.

Cross-border data transfers by businesses include payroll and human resources information as well as lucrative data used for targeted online advertising, which is of particular importance to technology companies.

Brussels and Washington intensified negotiations to hammer out a replacement for Safe Harbour after the Court of Justice of the European Union in October declared it invalid because it did not sufficiently protect Europeans’ data from U.S. snooping.

Revelations three years ago from former U.S. intelligence contractor Edward Snowden of mass U.S. surveillance practices caused political outrage in Europe and stoked mistrust of big U.S. tech companies.

“It (the Privacy Shield) is fundamentally different from the old Safe Harbour: It imposes clear and strong obligations on companies handling the data and makes sure that these rules are followed and enforced in practice,” Ansip and Jourova said.

The United States will also create an ombudsman within the State Department to field complaints from EU citizens about U.S. spying.

EU data protection authorities in April demanded that the framework be improved, citing concerns with the leeway they said it left for the United States to collect data in bulk.

(Reporting by Julia Fioretti; Editing by Robert-Jan Bartunek and Susan Fenton)