Compliance Management, Government Regulations, Privacy

U.S. and EU reach ‘Privacy Shield’ pact replacing Safe Harbor

U.S. and European officials announced a new data-transfer deal on Tuesday designed to replace the Safe Harbor agreement that was ruled invalid by a European court three months ago.

The agreement, called the "EU-US Privacy Shield," was reached after negotiators missed the 90-day deadline to create a replacement to Safe Harbor, as stipulated by the Court of Justice of the European Union in October.

Industry sources expressed relief that the negotiators arrived at a solution to govern the transatlantic flow of data. In speaking with, Intel Corporation global privacy officer David Hoffman said “the immediate concern of US companies not being able to do business in Europe” was an essential issue that needed to be resolved.

Mark MacCarthy, vice president of public policy, Software & Information Industry Association (SIIA), wrote in an email obtained by that the agreement “helps to avoid overly protective restrictions or inconsistent country-by-country regulations which could severely limit digital trade's global benefits.”

The framework “provides greater clarity for U.S. companies operating in Europe, while avoiding the international trade disruptions that would have accompanied a shut-down of trans-Atlantic data flows,” wrote Scott Belcher, CEO of the Telecommunications Industry Association, in an email obtained by

Last week, the Senate Judiciary Committee approved the Judicial Redress Act, a bill that would provide citizens of major U.S. allies a course of redress regarding information shared with U.S. law enforcement, but a last-minute amendment added by Republicans was seen as a potential roadblock.

One industry source called the Judicial Redress Act a “statement of intent on the part of Congress to extend some of the data privacy rights gained” during the Privacy Act of 1974. The privacy provision has several exemptions, including national security exceptions. As a result, the source told the data transfer agreement “needs to stand on its own, and should not be dependent on the Judicial Redress Act.

Privacy regulators in the 28 nations that make up the European Union still need to approve the deal, which calls for an annual joint review involving the US and the EU.

“Going forward, the United States and EU should make a number of much-needed privacy reforms to continue rebuilding trust and cooperation and ensure the world's most critical economic relationship continues to endure in the digital age,” said Daniel Castro, vice president of the Information Technology and Innovation Foundation (ITIF), in a statement. ““In the United States, this includes further surveillance reform and passing the Judicial Redress Act. In Europe, this means rejecting protectionist measures, such as a European Cloud, and fully embracing the spirit of a digital single market, not just in Europe, but globally.

Hoffman at Intel said Max Schrems' complaint against Facebook that led to the court striking down Safe Harbor was “an absolutely important issue that needed to be raised.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.