The U.S. Commerce Department is still pushing for a new agreement with the European Union that allows companies to legally transfer data across the Atlantic, an agency official said, but did not provide a timeline for a deal. as the negotiations with Brussels enter their second. year.
The Biden administration is considering executive action rather than a legislative fix to provide greater protections for EU citizens after the bloc’s highest court said last year that their personal information was exposed to US surveillance, he said. Alex Greenstein, director of the Department of Commerce’s Privacy Shield program, which certified companies for such data transfers until the decision.
Greenstein spoke Tuesday at a virtual event hosted by the Information Technology and Innovation Foundation, a think tank based in Washington, DC.
The European Court of Justice ruling created legal uncertainty for companies that share data across borders to provide cloud infrastructure, advertising and other services that generate billions of dollars in commerce. Privacy experts warn that continued confusion over how US officials comply with EU data standards may push some of the roughly 5,400 companies in the program to relocate data or digital infrastructure on the block.
“As a matter of priority, we want to get something up and running as quickly as possible,” said Greenstein, who is helping lead discussions with EU officials on a successor deal to the Privacy Shield. “But it also has to be a solid agreement that meets legal standards.”
US and EU officials discussed the issue at a summit in Brussels last month, Greenstein said.
The Commerce Department is studying possible security measures for Washington’s access to EU personal data, he said, as well as redress options for citizens in case of surveillance. A 2014 Obama administration directive on the government’s approach to these issues helped form the basis for the eventual Privacy Shield deal.
“We don’t want this to fall into another legal challenge,” Greenstein said.
A spokesman for the European Commission, the EU executive branch, said talks are expected to continue through the summer. He made no further comment.
Transatlantic data flows are crucial for US companies that rely on customer data to perfect their services, including the big tech companies that dominate the digital advertising industry, privacy experts say. Instead, some companies have turned to more personalized legal tools to transfer data.
As talks with Brussels continue, Greenstein said, the Commerce Department has tried to help companies use those mechanisms, known as standard contract clauses and binding corporate rules.
But since most of the companies approved for Privacy Shield were small and medium-sized companies that can find such solutions expensive, he added, “we also recognize that it is not a silver bullet.”
Privacy experts say that standard contract clauses and binding corporate rules are generally more expensive for companies.
The negotiations highlight how corporate data collection, processing and storage is raising a growing number of geopolitical issues for governments in the US and elsewhere.
In recent weeks, Chinese regulators have launched investigations into large tech companies, including ride-sharing giant Didi Global. INC.,
about its cybersecurity and data protection practices. In Washington, disagreements between national security and trade officials over worker protection have slowed their attempts to craft a digital trade agreement with Asian countries that aims, in part, to counter Beijing’s influence.
—Catherine Stupp contributed to this article.
Write to David Uberti in [email protected]
Copyright © 2021 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8
