The European Union wants guarantees of effective limits on US authorities' power to request people's personal information from companies to conclude a new EU-US data transfer pact, a top EU official said on Monday, as a deadline from EU privacy regulators looms, reports Reuters.
Securing sufficient assurances US spies will not access Europeans' personal data indiscriminately once it is transferred across the Atlantic has been a major point in two years of talks on a new framework for protecting data shifted to the United States. Under EU data protection law, companies cannot transfer EU citizens' personal data to countries outside the 28-nation bloc deemed to have insufficient privacy safeguards, of which the United States is one.
"We need guarantees that there is effective judicial control of public authorities' access to data for national security, law enforcement and public interest purposes," EU Justice Commissioner Vera Jourova said at a conference in Brussels.
The talks took on added urgency in October when the EU's top court struck down the 15-year-old Safe Harbour framework, used by more than 4,000 firms to transfer Europeans' data across the Atlantic easily, because the material was vulnerable to being accessed by US authorities on national security grounds.
Adding to the pressure, EU data protection authorities gave the two sides until the end of January to come up with a new framework for protecting data transferred to the United States, failing which they could start taking enforcement action against companies. Jourova said talks would continue on the margins of the World Economic Forum in Davos, Switzerland. Andrus Ansip, the EU Commissioner responsible for digital affairs, is due to meet US Secretary of Commerce Penny Pritzker on Thursday. The Commission is also seeking more transparency on limits to US security services collecting personal data, Jourova said.
US negotiators have so far resisted a mandatory system for companies to report numbers of US government access requests, people familiar with the talks have said. However, one alternative would be for the United States to keep the EU informed on how often US authorities access personal data on national security grounds as part of an annual review process of the new framework, two of the people said, accordinig to Reuters.