EU Digital Economy Nominee Reaffirms Possible Data Transfer Pact Suspension

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Stephen Gardner

Oct. 9 — A difference between the European Union and the U.S. on the extent to which U.S. national security authorities should be able to access the personal data of EU citizens transferred across the Atlantic to U.S. companies under the U.S.-EU Safe Harbor program remains unresolved, the EU's incoming commissioner with overall responsibility for the development of the digital economy said Oct. 6.

During a European Parliament confirmation hearing, Andrus Ansip, who is slated to become European Commission Vice-President for the Digital Single Market, said that unless the differences are resolved, the U.S.-EU Safe Harbor could be suspended.

The U.S.-EU Safe Harbor Program is a framework that allows over 3,000 U.S. companies to transfer to the U.S. the personal data of EU citizens, on the basis that the transfers are done in accordance with privacy principles similar to those contained in the EU Data Protection Directive (95/46/EC).

The viability of the program has been questioned by EU officials in light of revelations about the scope of the U.S. National Security Agency's surveillance activities. Efforts to negotiate amendments to the program have been underway since the fall of 2013.

Ansip said that “we have to be absolutely sure that the national security exception will be used as an exception, not on a regular basis.”

If not, “suspension” of the U.S.-EU Safe Harbor Program must remain an option, he said.

“The Americans have to provide real trust,” Ansip, a former prime minister of Estonia, said.

Security Access Sticking Point

The European Commission, the EU's administrative arm, published in November 2013 a list of 13 requirements it said should be implemented to shore up the Safe Harbor.

Ansip's comments mirror statements made in June by former European Commission Vice-President and Commissioner for Justice, Fundamental Rights and Citizenship Viviane Reding, who said that 12 of the 13 requirements had been met by the U.S., with national security as the only outstanding exception.

Ansip's comments also echo those made by Vera Jourová, the incoming EU commissioner for justice, consumers and gender equality at the European Commission, who will have direct responsibility for data protection, during her hearing in front of the European Parliament Oct. 1.

Jourová also said then that EU officials and citizens have a lack of confidence in the U.S.-EU Safe Harbor Program, but added that she would conduct further analysis of the framework before considering any suspension.

In the new European Commission, which is scheduled to take office Nov. 1, Ansip and Jourová will coordinate on data privacy issues, with Jourová taking the frontline role.

Data Protection Reform Deadline Unrealistic

Ansip added during his hearing that he would push for rapid adoption of the proposed EU data protection regulation, which was introduced in January 2012 to replace and update the nearly 20-year old Data Protection Directive.

“Trust is the basis of Internet-based e-solutions,” and data protection should be the foundation of the EU digital economy, Ansip said.

Incoming European Commission President Jean-Claude Juncker in September asked Ansip to oversee the completion of negotiations on the data protection regulation within six months of taking office.

However, an official from a large EU member state, who asked not to be identified, told Bloomberg BNA Oct. 7 that the six month deadline is unrealistic.

In discussions between EU member states on the details of the regulation, “there is progress being made but still quite slow,” the official said.

In March, the European Parliament approved the proposed data protection regulation. But the approval process has been bogged down during negotiations at the European Council of the 28 EU member states.

EU justice ministers were slated to meet in Luxembourg Oct. 10 to continue discussions on the regulation, and expect to agree on some of the provisions relating to the handling of personal data by data controllers and processors.

To contact the reporter on this story: Stephen Gardner in Brussels at

To contact the editor responsible for this story: Donald G. Aplin at

An archived webcast of the European Parliament hearing on Andrus Ansip is available at


Request Bloomberg Law Privacy and Data Security