US & Europe miss deadline for new 'Safe Harbor' agreement on overseas data transfers

article thumbnail

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

In spite of late-hour talks, U.S and European officials missed a deadline on Sunday to renegotiate a "Safe Harbor" agreement allowing companies like Apple and Google to shuttle data back and forth across the Atlantic.

The deadline was set by Europe's national privacy agencies, some of which have threatened legal action without a new agreement, according to the New York Times. The groups are set to publish their own judgment on Wednesday, and sources told the Times that officials involved in the negotiations are hoping to strike at least a broad deal beforehand.

Though in place for 15 years, in October, the previous Safe Harbor agreement was ruled invalid by the European Court of Justice, as it allowed American governmental agencies to gain access to the data of Europeans. The court specifically cited leaks from former National Security Agency contractor Edward Snowden, who revealed the broad reach of the organization across the globe — including the collection of data from millions of people not even under suspicion of a crime.

How data might be protected from U.S. surveillance is reportedly a major obstacle in the negotiations, as is how Europeans might be able to seek justice in American courts. The American faction is offering things like increased oversight over intelligence agencies' access to European data, and the creation of a data ombudsman at the State Department. Europeans would also be able to take direct legal action against American companies accused of using data illegally.

European negotiators are said to be concerned these arrangements might not stand up in the continent's courts, however, and asking for specifics on how the proposed programs would run.

Apple has yet to open its first European datacenters — which will launch in Ireland and Denmark in 2017 — which means that like a number of American tech businesses, it's dependent on sending data out of the region. Most such businesses should continue operating as usual for the foreseeble future, but could be forced to adopt more stringent measures and/or defend themselves against increased legal action until the landscape is settled.