US.and European Union negotiators appear close a fix for customer data-handling rules after a European court threw old regulations earlier this month.
Representatives of trade group the Direct Marketing Association said Wednesday they’re encouraged with efforts to negotiate a replacement 15-year-old Safe Harbor Framework, a set of rules that allow US companies to import European personal data while complying with strict EU privacy regulations.
In early October, the Court of Justice of the European Union (CJEU) in Luxembourg struck down the data transfer rules, over concerns about U.S. surveillance programs.
'Agreement in Principle'
US Department of Commerce officials have been negotiating with their European counterparts in recent on a so-called “Safe Harbor 2.0,” said Kelly DeMarchis, DMA’s legal counsel and a member the Venable law firm.
European Justice Commissioner Vera Jourova said Monday US and EU negotiators had reached an agreement in principle. Some technical discussions were ongoing, she said then.
Jourova’s announcement “seemed to indicate some sense of urgency among European stakeholders, which is a good sign,” DeMarchis said today.
Another important step came last week when the US House of Representatives passed the Judicial Redress Act, which would allow European citizens to file privacy lawsuits against US government agencies. That lack of legal protections for Europeans was one of the criticisms of the old Safe Harbor rules.
Two subcommittees in the US Congress will check on the status of the negotiations during a hearing next week.
The DMA is working to educate members about options for handling European customers’ data in the interim, DeMarchis said.
U.S. companies handling European customer data have several options, added Christopher Oswald, DMA’s vice president of advocacy.
US companies can adopt a set model contracts approved by the European Commission for handling personal data, or they can gather consent from individual customers to move their data, he said. Companies can also adopt new corporate rules for handling European data, he added.
“There are other alternatives outside of Safe Harbor and [companies] would do well to examine their own data flows from Europe and look at the alternatives to see which would serve the needs of their company,” Oswald said.