Christian Science Monitor:
European Union and US officials this week reached a tensely anticipated agreement that staved off disrupting transatlantic data traffic between European and American firms. But the hard part now is figuring out how to sustain the pact without additional reforms of US surveillance practices in Washington.
After the European Court of Justice ruled last fall to invalidate an EU-US data transfer deal known as Safe Harbor over concerns about US spy agency surveillance, policymakers, tech companies, and data regulators on both sides of the Atlantic scrambled to reach an agreement that would satisfy European data protection agencies.
The deal would introduce the idea of “essential equivalence” between how privacy laws are interpreted and applied in the EU and in the US, said Chris Calabrese, vice president for policy at the Center for Democracy and Technology, a tech advocacy group in Washington.
But it does not eliminate the government’s authority to force American firms to disclose data under the aegis of counter-terrorism. And that could be a problem from the EU Court of Justice’s point of view, said Mr. Calabrese.
“The fact of the matter is that US companies are in a terribly unfair position here,” he said. “They have no choice but to comply with US surveillance law and they have no ability to change their practices to meet those requirements.”
It’s hard to predict how the Court of Justice will view Privacy Shield without FISA reform, he said. But without that, said Calabrese, it is hard to see how any change to Safe Harbor can overcome the concerns that led to last October’s decision by the court.