EU-US commercial data transfer pact clears final hurdle

A commercial data transfer pact provisionally agreed by the EU executive and the United States in February received the green light from EU governments yesterday, the European Commission said, paving the way for it to come into effect on Tuesday.

Its introduction should end months of legal uncertainty for companies such as Google, Facebook and MasterCard after the EU's top court struck down the previous data transfer framework, Safe Harbour, due to concerns about intrusive US surveillance.

Representatives of EU member states mostly voted in favour of the EU-US Privacy Shield, but there were abstentions from Austria, Slovenia, Bulgaria and Croatia, sources said. Austria and Slovenia said the pact does not go far enough to secure citizens' privacy.

The Privacy Shield seeks to strengthen the protection of Europeans whose data is moved to US servers by giving EU citizens greater means to seek redress in disputes.

For 15 years Safe Harbour allowed US and European firms to get around EU data transferral rules by stating they complied with European privacy standards when storing information on US servers.

Online advertising

Cross-border data transfers by businesses include payroll and human resources information, plus lucrative data used for targeted online advertising.

Brussels and Washington intensified negotiations to hammer out a replacement for Safe Harbour after the Court of Justice of the European Union in October declared it invalid because it did not sufficiently protect Europeans' data from US snooping.

“It (the Privacy Shield) is fundamentally different from the old Safe Harbour: It imposes clear and strong obligations on companies handling the data and makes sure that these rules are followed and enforced in practice,” commission vice-president Andrus Ansip and justice commissioner Vera Jourova said in a statement. – (Reuters)