The flow of personal data is something that can easily be taken for granted in an era of lightning-fast Wi-Fi connections, always-on mobile devices and dozens of personal accounts maintained and accessed by consumers across the Internet. However, personal data — and the right to access it — is still subject to laws, borders and trade regulations in much the same way material goods are. As such, the U.S. Federal Trade Commission (FTC) is now deadlocked in negotiations with one of the EU’s top courts in Brussels as they try to reach an agreement on how the private data of EU citizens can be accessed and used by U.S. companies.
This past October, the European Court of Justice struck down the Safe Harbour pact, an agreement between the EU and the U.S. that had previously given U.S. companies the ability to access the personal data of EU citizens. Under the Safe Harbour system, the onus falls on U.S. companies to comply with EU privacy laws when transferring personal data of EU citizens to countries considered to offer insufficient privacy safeguards; that list includes the United States. The court struck down the agreement due to concerns over mass U.S. surveillance.
Personal data is exchanged daily between both U.S. and EU companies, including employee data for multinationals, as well as user data mined by Internet companies to be used in the billion-dollar online advertising market. However, after U.S. government spying operations were brought into the spotlight by National Security Agency contractor Edward Snowden in 2013, the Safe Harbour system came under new strain.
In its October ruling, the European Court of Justice argued that the national security needs of the U.S. had trumped the privacy of EU citizens under the Safe Harbour system. The court also argued that Safe Harbour, which is used by more than 4,000 U.S. and EU companies, does not offer EU citizens proper legal channels to challenge misuse of their data. Meanwhile, the FTC is reluctant to see the Safe Harbour system go, as it would leave U.S. companies susceptible to lengthy processes currently required in the EU to access private data.
Now, in negotiations to reach a new agreement, which both sides hope to wrap up by January, the EU seeks a larger role for European watchdog groups. This would would allow EU citizens to complain directly to their national authorities if they had concerns their data was being misused by U.S. companies. Negotiations are expected to continue as the FTC seeks to avoid giving the EU the power to reach beyond their borders.