The announcement by European Justice Commissioner Vera Jourova of an “agreement in principle” on a new data transfer pact with the US, based on the foundation of joint annual review by US and EU data protection authorities, opens the door to tremendous opportunities for harmonization of global data laws.
The contemplated joint oversight can engender the communication between the EU and US not built into the prior unilateral US regulatory structure, on both matters of private sector data protection and matters of governmental surveillance. That joint oversight, and the depth of knowledge that both sides have gained of one another since the negotiation of the first Safe Harbor, may as the great US scholar of EU data protection Paul Schwartz suggested make the sequel better than than the original.
There is a tremendous amount left to do in the next few months to finalize the new pact. As Jourova says, the biggest challenge is agreement on
sufficient limitations and safeguards…to prevent access or use of personal data on a ‘generalized basis’ and to ensure that there is sufficient judicial control.
There is clearly receptivity in Europe to the notion that the US has made progress since the Safe Harbor I state of US government surveillance that was the target of the Advocate General’s opinion leading to the ECJ decision invalidating Safe Harbor I. Said Jourova:
We have already seen some progress compared to the past in the direction of more targeted and tailored surveillance… We are still in the process of assessing these safeguards and of getting further clarifications, but I certainly see some relevant and encouraging elements there.