New trans-Atlantic data deal welcomed on Capitol Hill

Shutterstock image: global data concept art rendered in binary.

After months of wrangling, U.S. and European officials arrived at a new set of privacy rules for personal data moving across the Atlantic. The rules, hammered out in the wake of surveillance revelations by former National Security Agency contractor Edward Snowden, spell out limits on access to information for law enforcement and security purposes.

The new agreement, dubbed the EU-US Privacy Shield, is in line with European countries' stricter data-protection rules and provides for redress for individuals who feel their data has been improperly used.

"For the first time ever, the United States has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms," EU Commissioner Věra Jourová said in a statement. "Also for the first time, EU citizens will benefit from redress mechanisms in this area."

The news was welcomed on Capitol Hill, where lawmakers had been concerned about roadblocks to trans-Atlantic commerce arising from the lack of an agreement that protected national security and personal privacy.

"I think those are always a balancing act," Sen. John Cornyn (R-Texas), a member of the Senate Judiciary Committee, told FCW. "What we tried to do in the Judiciary Committee and now with the Safe Harbor provision is to try to address both of those, and I think we've made some important progress."

Sen. John Thune (R-S.D.), chairman of the Commerce, Science and Transportation Committee, agreed. He led efforts by 50 other lawmakers last year to put pressure on Commerce Secretary Penny Pritzker and Federal Trade Commission Chairwoman Edith Ramirez to finalize the framework.

"This agreement is a needed victory for job-creation efforts in an already turbulent global economic situation," Thune said in a statement urging officials to implement the agreement without delay.

The framework also imposes an annual review to make sure U.S. intelligence agencies are not given access to the data of EU citizens, unless deemed critical.

Carl Schonander, senior director for international public policy at the Software and Information Industry Association, told FCW that he welcomes the new framework.

"For us, the most important thing is that countries [have] what we call interoperability mechanisms that allow for cross-border data transfers," he said. "The privacy shield is one such mechanism."

He also praised officials for negotiating a "living" agreement that will undergo an annual review process. "We will have to see once the system is put in place how that works," he said.

He added that "there needs to be a transition period so that companies adopt whatever new rules are contained in the privacy shield and implement them."

The rules could be implemented by early April. Meanwhile, the Senate is still considering the Judicial Redress Act, which extends benefits of U.S. privacy law to EU citizens so that they can challenge American companies in U.S. court if they feel their personal data has been misused.

About the Author

Aisha Chowdhry is a former staff writer for FCW.


  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.