US, EU Agree on Changes to Data Transfer Pact

The United States and the European Union have agreed to changes that need to be made to a data transfer pact, which is essential for transatlantic business. Some of these changes include clearer limits on surveillance by the US government and stricter rules for companies that hold information on Europeans. The revised version of the US-EU Privacy Shield was sent for review overnight by the European member states. Several EU sources revealed that they are expected to conduct a vote in early July and that’s when the new data transfer pact will come into effect. Some of the cross-border data transfers that are made by businesses include human resources and payroll information as well as critical data that is used for targeted online advertising and this is of the utmost importance for technology companies.

However, three years ago, the revelations made by former NSA contractor Edward Snowden about the mass US surveillance practices led to considerable political outrage in Europe and also caused distrust of big US tech companies such as Google, Facebook and Apple. Last year, the data transfer agreement in effect previously had been shut down by the highest court in the EU and Washington and Brussels had rushed to hammer out a new pact. The reason for disbanding Safe Harbour, the previous agreement, was due to concerns over mass US surveillance practices, which had threatened data flows that are critical to the operations of billions of dollars of business.

Safe Harbour had been applied for 15 years, which had enabled both European and US firms to get around the complicated EU rules of data transfer. The agreement stated that they were in compliance with European privacy standards when information had to be stored on US servers. Some concerns had been expressed by EU privacy regulators when an initial deal had been made in February. Now, the US government has provided further explanations for specific conditions under which data may have to be collected by intelligence services in bulk. EU sources have also said that the government has provided details about safeguards on the use of data.

The Office of the Director of National Intelligence wrote a letter, which is the perfect example of the United States looking for information about the activities of a terrorist group in the Middle East that is believed to be planning attacks in Europe. The letter said that if Washington lacked information such as phone numbers, names and email addresses, then it would collect communications sent and received from that region and review and analyze it for identifying communications pertaining to that group.

Hence, even when specific selectors are targeted, the United States would still not be able to gain access to all communications from all facilities in the world. It was also explained by the United States that there would be an independent privacy official, who will be separate from the intelligence services. The role of this official would be to listen to complaints from EU citizens about US spying.

comments