BRUSSELS (Reuters) - The European Commission will on Friday seek to reassure firms operating on both sides of the Atlantic that they can continue to transfer Europeans’ personal data to the United States after a court struck down a system used by over 4,000 companies to do just that.
The highest EU court last month ruled that Safe Harbour, which for 15 years has helped firms avoid cumbersome checks to transfer data between offices on both sides of the Atlantic, did not sufficiently protect EU citizens since the requirements of American national security, public interest and law enforcement trumped the privacy safeguards it contained.
U.S. and EU companies, from Google to Microsoft, shuffle personal data across the Atlantic on a daily basis, whether it is employee data for multinationals whose human resources functions are in the United States, or user data collected by web companies to be used in the billion-dollar online advertising market.
The Commission, which is negotiating a new data transfer arrangement with the United States, will issue an explanation of the ruling to guide businesses, and reassure them that a new EU-U.S. data transfer deal is a priority, an EU official said.
“It’s important to restate and reconfirm ... that the alternative tools can be used, because that is an important basis for businesses who had acted under Safe Harbour in good faith,” the official said.
The Safe Harbour system allowed companies to self-certify that they complied with EU privacy law when transferring EU citizens’ personal data to outside countries deemed to have insufficient safeguards, which include the United States.
A group bringing together the 28 EU data protection authorities gave firms a three-month grace period to put in place alternative legal tools.
However, last week German data protection authorities said they would not issue any new authorizations for data transfers to the United States on the basis of binding corporate rules or standard contractual clauses.
The Commission will on Friday also reassure firms that arrangements similar to Safe Harbour regulating data transfers to countries such as Argentina, Canada, Israel, New Zealand and Switzerland are not affected by the ruling, the official said.
These arrangements will, however, have to be reviewed regularly under a new EU data protection law.
Editing by Kevin Liffey