This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.nytimes.com/2016/04/14/technology/europe-us-data-privacy.html

The article has changed 4 times. There is an RSS feed of changes available.

Version 1 Version 2
Europe’s Privacy Watchdogs Call for Changes to U.S. Data Transfer Deal Europe’s Privacy Watchdogs Call for Changes to U.S. Data-Transfer Deal
(about 3 hours later)
Europe cannot make up its mind about how to protect people’s privacy. Only two months after the European Union’s top policy makers agreed to a hard-won data-sharing agreement with United States officials, the region’s national privacy regulators said on Wednesday that the deal did not go far enough to safeguard the personal information of Internet users in Europe.
Only two months after the region’s policy makers agreed to a data-sharing agreement with American officials that allowed companies like Facebook to move individuals’ personal data across the Atlantic, European privacy watchdogs said on Wednesday that the deal still did not offer their citizens sufficient protections. The “E.U.-U.S. Privacy Shield,” which would allow companies to continue sending personal data back and forth across the Atlantic, is still widely expected to be ratified by early summer. But by sounding the alarm over the current deal, national privacy watchdogs from France, Germany and other European Union member states have served notice that American companies like Google, Facebook and Amazon could face protracted country-by-country legal battles.
Though the national regulators’ statement is nonbinding, it is a major setback for European and United States negotiators who had spent years hammering out a data-transfer agreement that polices how companies like Google and General Electric, among others, can move data as varied as employees’ financial information and social media posts between the two regions. The regulators say they worry that companies could misuse data, including information from search engine queries and social media posts. They also say they fear that American law enforcement and intelligence agencies might gain access to European citizens’ personal information without sufficient safeguards in place.
And because European data protection authorities have the power to investigate and, in some cases, to fine companies that have broken tough privacy rules in the region, legal experts say that Wednesday’s decision to not fully endorse the “E.U.-U.S. Privacy Shield” might lead to continuing uncertainty on how personal information is handled by some of the world’s largest companies.
“From the outside, it must look like Europe can’t speak with one voice on privacy,” said Patrick van Eecke, a data protection lawyer at DLA Piper in Brussels. “This is becoming kind of a circus.”“From the outside, it must look like Europe can’t speak with one voice on privacy,” said Patrick van Eecke, a data protection lawyer at DLA Piper in Brussels. “This is becoming kind of a circus.”
As part of their announcement on Wednesday, European national privacy regulators said the data-transfer agreement was an improvement on previous rules. But they said they remained concerned over American intelligence agencies’ apparent indiscriminate access to their citizens’ personal data when it is transferred to the United States. The stance taken by the regulators which have the power to investigate and, in some cases, to fine companies that have broken privacy rules in the region represents a major setback for European and United States negotiators who had spent years hammering out the deal.
That access, according to the privacy watchdogs, is not matched with protections currently offered in Europe, and new legal mechanisms to allow Europeans to monitor how their data is used in the United States need to be strengthened. And the protest from the regulators signals that they could open cases and levy fines on companies that rely on moving data such as employees’ financial information or social media posts across the Atlantic.
“We believe there’s still work to do,” Isabelle Falque-Pierrotin, France’s data protection chief, who also heads a Pan-European regulatory privacy group, said on Wednesday. “We need to ensure that protections of the Privacy Shield are indeed essentially equivalent to what is available in Europe.” As part of their announcement on Wednesday, European national privacy regulators said the data-transfer agreement was an improvement on previous rules. But they added that they remained concerned over American intelligence agencies’ seemingly indiscriminate access to citizens’ personal data when it is transferred to the United States.
Ms. Falque-Pierrotin called on the European Commission, the executive arm of the European Union that had negotiated the data-transfer agreement, to make further changes to the deal to meet the regulators’ concerns. That access, according to the privacy watchdogs, is not subject to protections that match those currently offered in Europe. The regulators also said that new legal mechanisms to allow Europeans to monitor how their data is used in the United States needed to be strengthened.
That included fears that indiscriminate bulk collection of Europeans’ data by United States and European intelligence agencies failed to comply with the region’s tough data protection rules. The privacy regulators also said the independence of a United States ombudsman reviewing European data protection complaints must be strengthened. “We believe there’s still work to do,” Isabelle Falque-Pierrotin, France’s data protection chief, who also heads a Pan-European privacy regulator, said on Wednesday. “We need to ensure that protections of the Privacy Shield are indeed essentially equivalent to what is available in Europe.”
Vera Jourova, the European justice commissioner, said in a statement on Wednesday that she would try to incorporate the regulators’ views in the final Privacy Shield pact, though she did not say which of their proposals would be included. Ms. Falque-Pierrotin called on the European Commission, the executive arm of the European Union that negotiated the data-transfer agreement, to make further changes to the deal to meet the regulators’ concerns.
Those included fears that the indiscriminate bulk collection of Europeans’ data by United States and European intelligence agencies failed to comply with the region’s data protection rules. The privacy agencies also said the independence of a United States ombudsman reviewing European data protection complaints had to be strengthened.
Vera Jourova, the European justice commissioner, said in a statement on Wednesday that she would try to incorporate the regulators’ views into the final Privacy Shield pact, though she did not say which of the proposals would be included.
But Ms. Jourova also emphasized that attention should now turn to getting European countries’ approval for the data-transfer agreement by next month.But Ms. Jourova also emphasized that attention should now turn to getting European countries’ approval for the data-transfer agreement by next month.
“I count on data protection authorities to help ensure that the E.U.-U.S. Privacy Shield works well in practice,” she added. “I count on data protection authorities to help ensure that the E.U.-U.S. Privacy Shield works well in practice,” she said.
European privacy campaigners, including Max Schrems, an Austrian law student whose legal case against Facebook led the region’s highest court to invalidate the previous trans-Atlantic data agreement, known as “Safe Harbor,” have called for greater restrictions on how companies and United States government agencies access people’s digital information. European privacy campaigners, including Max Schrems, an Austrian law student whose case against Facebook led the region’s highest court to invalidate the previous trans-Atlantic data agreement, the so-called Safe Harbor, have called for greater restrictions on how companies and United States agencies gain access to user’s digital information.
Some are also preparing legal challenges to the new Privacy Shield deal, saying that it fails to uphold Europe’s tough privacy rules, which are viewed as being on a par with other fundamental rights, like freedom of expression. Some are also preparing legal challenges to the Privacy Shield deal, saying that it failed to uphold Europe’s tough privacy rules, which are viewed as being on a par with other fundamental rights, like freedom of expression.
American officials contend that new oversight mechanisms — including the newly created ombudsman in the State Department to handle European data queries — sufficiently protect people’s privacy rights. They also add that United States safeguards over how national intelligence agencies gain access to personal data go beyond what is currently available in many countries in the European Union. American officials contend that new oversight mechanisms — including an ombudsman in the State Department to handle European data queries — sufficiently protect privacy. They also say that American safeguards over how national intelligence agencies gain access to personal data go beyond what is available in many countries in the European Union.
“The U.S. has a different structure than Europe, but both systems offer robust privacy protection,” Penny Pritzker, the United States commerce secretary, who led the American negotiating team to revamp the data-transfer agreement, said in a recent interview. “The U.S. has a different structure than Europe, but both systems offer robust privacy protection,” Penny Pritzker, the United States commerce secretary who led the American team in negotiating to revamp the data-transfer agreement, said in a recent interview.
Despite Europe’s national regulators raising concerns over Privacy Shield, legal experts and policy makers still expect the trans-Atlantic data-transfer deal to be approved by European countries by early summer. Despite Europe’s national regulators raising concerns over Privacy Shield, legal experts and policy makers still expect the agreement to be approved by European countries by early summer.
That is because the European Commission has the sole power to agree to the new rules, and because individual countries, particularly the likes of Ireland and Britain, where many American technology companies have headquarters, have given their support to the trans-Atlantic deal. That is because the European Commission has the sole power to agree to the new rules, and because some countries, particularly the likes of Britain and Ireland, where many American technology companies have headquarters, have given their support to the trans-Atlantic deal.
It remains unclear whether the European Commission will alter Privacy Shield to answer national regulators’ concerns, though it is unlikely that European officials will reopen negotiations with their American counterparts to bolster the current agreement. It remains unclear how the European Commission will alter Privacy Shield to answer national regulators’ concerns, though it is unlikely that European officials will reopen negotiations with their American counterparts.
But by calling for changes to how digital data is moved between the two regions, Europe’s privacy regulators — which will soon gain the right to fine companies up to 4 percent of their global revenue if they are found to have broken local data protection laws — have signaled they could use their powers to restrict how some companies handle people’s digital information. But Europe’s privacy regulators — which will soon gain the right to fine companies up to 4 percent of their global revenue if they are found to have broken local data protection laws — may still not be satisfied with any changes to the data-transfer agreement, increasing uncertainty over how some of the world’s largest companies will handle digital information.
“No national regulator wants to put companies in a legal limbo,” said Alexander Whelan, a senior policy manager at Digital Europe, an industry trade body whose members include Google and Microsoft. “We’re now in a waiting game.” “No national regulator wants to put companies in a legal limbo,” said Alexander Whalen, a senior policy manager at Digital Europe, an industry body whose members include Google and Microsoft. “We’re now in a waiting game.”