EU data protection watchdogs have set a January deadline for the EU and US to strike a new accord allowing Europeans’ data to be sent across the Atlantic, or risk enforcement action.
In a landmark ruling the European Court of Justice decried the Safe Harbour agreement as invalid on 6 October. The court sided with Austrian law student Max Schrems, who had challenged the deal, claiming his private data was unsafe in the US because of NSA surveillance.
The deal, introduced 15 years ago, had allowed people's’ personal data from sites like Facebook and Google to be transferred between countries. After the ECJ ruling, US companies may be unable to handle data from anyone in the EU, something experts have described as “extremely bad news” for EU-US trade.
Now, Article 29 Working Party, a group of European data protection authorities, have written an open letter essentially saying that the race is on for a new agreement. In the letter, the group write that it is “absolutely essential” to have a robust position on how to implement the ECJ ruling.
Working Party urge negotiating teams from both the EU and the US to speed up talks to “find political, legal and technical solutions enabling data transfers” that “respect fundamental rights”, and the group decry NSA’s “massive and indiscriminate” surveillance as incompatible with EU laws.
The group adds that if no solution is found in the next few months, enforcement action may be necessary:
If by the end of January 2016, no appropriate solution is found with the US authorities and depending on the assessment of the transfer tools by the Working Party, EU data protection authorities are committed to take all necessary and appropriate actions, which may include coordinated enforcement actions.