The two largest American and European trade groups have warned of “enormous” consequences for thousands of businesses and millions of users in the event Brussels and Washington fail to wrap up talks on a data-transfer pact by the end of the month. They accelerated negotiations on a new framework enabling firms to easily transfer personal data across the Atlantic after the previous one was struck down by a top European Union court last year over concerns about U.S. snooping.
Under EU data-protection law, companies cannot transfer EU citizens’ personal data to countries outside the bloc deemed to have insufficient privacy safeguards, of which the U.S. is one.
Since the EU’s highest court ruled Oct. 6 that the 15-year-old Safe Harbor framework, used by more than 4,000 firms to transfer Europeans’ data to the U.S., did not adequately protect the data because U.S. national-security requirements trumped privacy safeguards, outfits on both sides of the Atlantic have been in legal limbo.
In a letter addressed to U.S. President Barack Obama, European Commission President Jean-Claude Juncker and the 28 European heads of state that was seen by Reuters, four business associations warned of the dire economic impact if data flows between the two blocs were disrupted.
“This issue must be resolved immediately or the consequences could be enormous for the thousands of businesses and millions of users impacted,” said the letter from the U.S. Chamber of Commerce, the Information Technology Industry Council, DigitalEurope and BusinessEurope.
The groups also ask for a transition period to comply with any revised data-transfer framework, especially for those small and midsize businesses that relied entirely on Safe Harbor.
EU data-protection authorities gave Brussels and Washington until the end of January to forge a new pact and businesses the same deadline to set up alternative legal channels to transfer personal data across the Atlantic, such as binding corporate rules within multinationals or model clauses.
While a political agreement may be possible in that time, ironing out the legal details will take longer, according to a person familiar with the talks.
However, the business groups warn that all data-transfer mechanisms are in jeopardy as a result of the EU ruling, something echoed by lawyers, and that could impact nearly all financial transactions between the two largest economies in the world.
“We therefore urge your leadership to ensure a durable legal framework for transatlantic data flows in the future,” the letter said.
EU privacy regulators are due to meet Feb. 2 to decide whether they should start taking enforcement action against companies if they come to the conclusion that all transfer mechanisms fall afoul of EU law and there is no new framework in place.
Revelations two years ago of mass U.S. surveillance programs where American authorities collected private information directly from big tech firms such as Apple Inc., Facebook Inc. and Google unit of Alphabet Inc. riled Europe and set the stage for the European Court of Justice ruling.