Gina Raimondo, President Biden’s nominee for Commerce secretary, said during her Senate confirmation hearing that a privacy deal with the EU was a priority.
Photo: jonathan ernst/press poolEarly 2021 is turning out to be a delicate period for privacy negotiations. The European Union is conducting high-stakes talks with the Biden administration over how to allow corporate data transfers that will withstand future legal challenges despite U.S. intelligence-gathering practices. Separately, European privacy officials are working toward a June deadline to complete a similar arrangement with U.K. officials to continue data flows after the country left the union last year.
The EU’s top court ruled in July that companies must implement new safeguards to protect data if they send it to a country with intelligence laws that endanger Europeans’ privacy rights under the 2018 General Data Protection Regulation. It also said that Privacy Shield, a separate U.S.-EU data arrangement, is illegal. The decision prompted panic among corporate lawyers and executives about how to keep cross-border business afloat as some European privacy regulators advised companies to stop moving data to countries outside the bloc.
“This is really difficult and very frustrating, probably for everyone involved,” said Peter Swire, a former privacy official in the Obama and Clinton administrations, referring to the negotiations to broker a new deal between the U.S. and the EU. Mr. Swire spoke at the Consumer Privacy and Data Protection Conference on Friday.
Peter Swire, a former U.S. privacy official.
Photo: Rod Lamkey - Cnp/Zuma PressCompanies will be able to easily move personal data between the EU and the U.K., or the EU and the U.S., if European officials grant both countries a so-called adequacy decision. The bloc gives such a decision if it determines a country’s laws protect privacy in a way that is equivalent to EU standards. So far, only 12 countries have received adequacy decisions, including Japan and New Zealand. The now-illegal Privacy Shield with the U.S. was a similar arrangement.
The U.K. presents unique questions for a potential adequacy decision because it still applies the GDPR as a former member state, but could change data rules in the coming years, said Bruno Gencarelli, a European Commission official overseeing the discussions. “We have similar or identical starting points and we need to find a way to address also the future,” he said at a separate conference last week.
Without an adequacy decision, U.K. businesses face additional legal costs of an estimated £1 billion to £1.6 billion ($1.37 billion to $2.19 billion), according to a study published in November by the New Economics Foundation, a London-based think tank.
“We should recognize and embrace the fact that countries are going to take different approaches to data privacy,” said Joe Jones, head of the international data transfer regime at the U.K. Department for Digital, Culture, Media and Sport, speaking during the same panel as Mr. Gencarelli. “Just because a country does things differently to us doesn’t mean the outcome of data protection is any less high,” Mr. Jones said.
The umbrella group of European privacy regulators will need to weigh in on the EU-U.K. adequacy decision before it can go ahead. The European Commission, the EU’s executive arm, will soon ask the regulators for their opinion, an official said last week.
One concern regulators have is whether companies can transfer Europeans’ data to the U.K., and from there move it again to other countries such as the U.S., Florence Raynal, an adviser to the French privacy regulator said last week at the Consumer Privacy and Data Protection Conference. Ms. Raynal referred to the U.S.-U.K. Cloud Agreement that was agreed in 2019 to give law enforcement authorities easier access to data for criminal investigations. It hasn’t yet taken effect.
Talks between European and U.S. officials are much further behind. Only preliminary discussions on a successor agreement to the Privacy Shield have taken place since the July decision, Ralf Sauer, an EU official who works with Mr. Gencarelli said last week. “There’s still certainly a lot of work ahead. The devil will lie in the detail,” he said. However, Mr. Sauer said U.S. negotiators want to reach an agreement and referred to Gina Raimondo, President Biden’s nominee for Commerce secretary, who named the privacy deal a priority during her Senate confirmation hearing last week.
In the absence of adequacy decisions, many companies rely on standard contractual clauses to export data from the EU, contractual language that is preapproved by the European Commission.
But the EU court ruling last summer said the existing version didn’t include strong enough provisions to protect data from foreign surveillance. European officials plan to publish a new version in March. A previous draft of the clauses published in November included requirements for companies to assess foreign countries’ laws before determining how to move data.
Write to Catherine Stupp at Catherine.Stupp@wsj.com
"seal" - Google News
February 01, 2021 at 05:30PM
https://ift.tt/2L7uUYP
EU Aims to Seal Data-Flow Deals With US and Britain - The Wall Street Journal
"seal" - Google News
https://ift.tt/3c1qdrW
https://ift.tt/2SzWv5y
No comments:
Post a Comment