Last October, the European Union's Court of Justice ruled that European citizens' data isn't safe when stored in the U.S., cutting some 4,500 American companies off from the benefits of the E.U.'s "Safe Harbor" system. That meant that American businesses could be forced to comply with complicated restrictions on sending personal data out of Europe, limiting the transfer of everything from consumers' favorite websites to employees' birthdates.
That is, unless Europe and the United States could come to a compromise before the new restrictions came into effect. They couldn't. The deadline for reaching an agreement over data privacy came and went Sunday night, with neither side nearing a compromise.
What the Loss of Safe Harbor Means
For 15 years, U.S. companies had benefited from a data sharing pact with Europe. The E.U.'s Safe Harbor system meant that American companies could avoid complicated restrictions on transferring personal data outside of Europe. So long as the business's home country that could ensure that European citizens' private data was protected.
The U.S. can't make those assurances anymore, the E.U.'s Court of Justice ruled. The court ruled that, despite all the best efforts of American companies, N.S.A. spying meant that the U.S. government could "disregard, without limitation, the protective rules laid down" by the Safe Harbor scheme.
Loss of Safe Harbor would be a technological and logistical headache for many American companies. It could mean, for example, that the identifiable information Facebook collects on its users must remain in Europe and cannot be transferred to its offices in the U.S. But it's not just tech companies that would be affected. Any American company that collects personally identifiable information on European citizens -- even on their European employees -- could be hindered in transferring that information back home.
Failed Negotiation, Missed Deadline
E.U. and U.S. negotiators had given themselves until the end of January to reach a compromise on data protection that would allow the Safe Harbor agreement to continue. When the clock struck midnight on February 1st, the two sides were still worlds apart.
At Davos last week, U.S. Secretary of Commerce Penny Pritzker said that the U.S. had put in place "post-Snowden" privacy protections for all people that "very much align with the requirements" of the European Court of Justice.
It doesn't seem like European negotiators agreed. The main sticking points to an agreement have remained protection from government spying and legal redress for European citizens who believe their privacy rights have been violated.
We Still Have 'Til Wednesday
The fact that the negotiations missed their deadline doesn't mean that there is no hope for a last minute agreement, however. European privacy agencies are expected to announce new data privacy rules on Wednesday. Some have threatened to take strong legal action against U.S. businesses, The New York Times reports.
But in the meantime, negotiators continue looking for a compromise, hoping to pull together a last minute agreement before the ax falls later this week.
- EU-U.S. Data Transfers Threatened Amid Race for Safe-Harbor Deal (Bloomberg)
- Are U.S. Companies Violating European Union Privacy Rules? (FindLaw's Technologist)
- The Right to Be Forgotten Must Be Global, France Tells Google (FindLaw's Technologist)
- ACLU Launches Pro-Privacy Bills in Tech Campaign (FindLaw's Technologist)