US lawmakers delay bill on European data privacy deal

Legislation that would grant US privacy rights to Europeans is being delayed in the Senate, which may complicate negotiations over a broader trans-Atlantic data transfer pact that faces a January deadline for completion, sources said on Wednesday.

The Judicial Redress Act, which would allow citizens of European allied countries to sue over data privacy in the United States, is “likely to be held” from a scheduled vote on Thursday in the Senate Judiciary Committee, a panel aide said.

Passage of the legislation is viewed as an important step toward securing a new “safe harbor” framework after the previous one was struck down by a top European Union court last year amid concerns about US surveillance.

More than 4,000 firms, including tech behemoths such as Google and IBM, have been relying on the 15-year-old framework to freely transfer data between the United States and Europe, which has far stricter rules on the privacy of personal information.

But that deal was ruled invalid last October by the Court of Justice of the European Union, which cited revelations about US mass surveillance by former National Security Agency contractor Edward Snowden.

European Union data protection authorities have given Brussels and Washington until the end of January to strike a new agreement for transferring personal data.

Industry executives are growing increasingly alarmed that the new agreement will not be completed in time. The Information Technology Industry Council, a Washington-based trade organization that represents Apple, Microsoft and other major tech companies, sent some of its executives to Europe on Wednesday to press for a quick resolution.

A spokesman for the organization, which warned of “enormous” consequences in a letter this week to Barack Obama and European Commission President Jean-Claude Juncker if a pact is not forged soon, said its leaders are meeting with government and data protection authorities in several cities, including Dublin, Amsterdam, Berlin and London, ahead of the deadline.

EU privacy regulators are due to meet on 2 February to decide if they should begin enforcement action against companies if they determine all transfer mechanisms violate EU law and there is no new framework in place.

comments powered by Disqus