Privacy & Information Security Law Blog

On Monday, October 26, 2015, EU Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, gave a speech before the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE Committee”) on the recent ruling by the Court of Justice of the European Union (the “CJEU”) that invalidated the European Commission’s Safe Harbor Decision. The EU Commissioner welcomed the Article 29 Working Party’s statement and, in particular, its support for a new Safe Harbor framework by January 31, 2016. However, the EU Commissioner called for more clarity in the meantime. Accordingly, she announced that the European Commission will soon issue an explanatory document on the consequences of the CJEU’s ruling to provide guidance for businesses on international data transfers.

The EU Commissioner also provided a status update of the negotiations with the U.S. authorities on the new Safe Harbor framework. The EU Commissioner clarified that the aim of these negotiations is not to impose the same level of data protection in the U.S. as is provided in Europe, but to offer safeguards in the U.S. that are “globally equivalent” to European data protection standards. Several meetings have already been held and discussions will continue until the EU Commissioner’s visit to Washington in mid-November. The EU Commissioner also indicated that an agreement has been reached “in principle” on a new “self-certification” system with “effective detection and supervision mechanisms” that will transform the current system from self-regulating to a system with more oversight and enforcement. Under the new system, the interface and communication channels with EU data protection authorities ("DPAs") and the U.S. Department of Commerce will be improved and EU DPAs will be more active and visible in their role in reviewing the functionality of the new system. However, the EU Commissioner explained that EU and U.S. authorities are still discussing how to ensure that these commitments comport with the CJEU’s ruling. Similarly, EU and U.S. authorities are still working to implement an annual joint review mechanism that will cover all aspects of the functionality of the new system, including the use of exemptions for law enforcement and national security grounds.

In addition, the EU Commissioner stated that some progress has been made towards more targeted and tailored surveillance by U.S. authorities and increased protection for EU citizens. For example, certain protections formerly reserved to U.S. citizens have been proposed to be extended to EU citizens. The European Commission is still assessing these safeguards and getting further clarification, but the EU Commissioner welcomed these new initiatives as encouraging elements for the negotiations. In particular, she welcomed the U.S. Bill of Judicial Redress that would extend judicial protection under the U.S. Privacy Act to EU citizens.

The EU Commissioner indicated that she will keep the LIBE Committee informed about the next stages of the discussions.