After years of thorny negotiations, top EU and U.S. officials say they are close to agreement on two privacy accords that would regulate the transfer of personal data of European citizens to the U.S.
At stake is the ability of U.S. and European companies and governments to share data about private citizens for commercial and law enforcement purposes.
A version of one of the two privacy deals being discussed, the Safe Harbor accord, has been in force for years but is being renegotiated. Failure to reach agreement on how to change the accord would spell serious trouble for companies like Google, Facebook and Twitter, which have relied on it to transmit data on EU citizens to the U.S. for processing and storage.
The Safe Harbor deal regulates the commercial transfer of personal data of EU citizens to the U.S. The second accord being negotiated is the so-called "Umbrella Agreement," meant to protect personal data transferred between the EU and the U.S. for law enforcement purposes. It's been under negotiation since March 2011.
EU and U.S. officials conferred Wednesday during an EU Justice and Home Affairs Ministerial meeting in Riga, Latvia, and said they made progress on the privacy agreements.
"I am so happy that we are close to final accord on such important measures as the Umbrella Agreement and the Safe Harbor provision," said U.S. Attorney General Loretta Lynch at a press conference after the meeting. It was her first time in Europe to negotiate the deals. "We have also sought to balance the individual right to privacy with the need to offer the greatest protection to all of our citizens, and I believe that we are indeed close to striking that balance and coming to a very positive accord."
European officials appeared to agree.
"On data protection issues, we are making solid progress," said Justice Commissioner Vra Jourová during the press conference.
The European Commission, the EU's executive and regulatory body, originally aimed to conclude the talks by the end of May.
The Commission had demanded a renegotiation of the Safe Harbor agreement after revelations by former U.S. security contractor Edward Snowden showed the extent of U.S. spying programs. In 2013, the Commission gave the U.S. a list of changes it wanted to the Safe Harbor accord. Most of them did not pose a problem, but a requirement for U.S. government officials to use the national security exception in the Safe Harbor agreement only "to an extent that is strictly necessary or proportionate," is still a hurdle.
Under Safe Harbor, companies like Facebook can send personal data they have collected from EU users to the U.S. However, U.S. law enforcement only has access to that data for purposes of national security.
Sign up for Computerworld eNewsletters.