European Union privacy regulators are leaning toward the restriction of personal data transfers to the United States because of the risk of US. surveillance, mostly because the US government will not back down.
A top EU court last year struck down the Safe Harbour system, used by thousands of businesses to easily transfer data across the Atlantic, because the data were not protected enough from any US snooping.
A plenary meeting on next month will decide to what extent companies should be allowed to continue transferring Europeans’ data to the United States in light of the ruling.
In a preparatory meeting on Wednesday the authorities discussed a range of possible outcomes, including “freezing” all new authorisations for US data transfers on the basis of binding corporate rules within multinationals or standard contractual clauses between companies.
Under EU data protection law, companies cannot shift Europeans’ data to countries outside the EU deemed to have insufficient privacy safeguards, which applies to the United States according to the authorities’ assessment of the US legal system.
However, data transfers are allowed if firms set up complex legal structures such as binding corporate rules or standard contractual clauses.
A final decision will only be taken at the plenary meeting and not all regulators were in favor of the restrictive approach, the sources said.
If the European Commission, which is negotiating a replacement for Safe Harbour with Washington, presents the regulators with a strengthened system their position may change.
Freezing all new authorizations for US data transfers using binding corporate rules or standard contractual clauses will kill off transatlantic data flows which are the highest in the world. Businesses say that will end the borderless nature of the Internet is being jeopardized. The EU says that is not its fault, and the US needs to stop spying on people.