Negotiating a new framework for transatlantic data flows

On November 16, the Center for Technology Innovation (CTI) at Brookings hosted Věra Jourová, the European Commissioner for Justice, Consumers and Gender Equality. CTI visiting fellow Cameron Kerry joined her for a discussion on how to best negotiate and implement a new framework for trans-Atlantic data flows, given that the previous U.S.-EU Safe Harbor Framework was invalidated on October 6 by the Court of Justice of the European Union. Attitudes toward privacy issues are in a continuous state of evolution, especially given the recent terrorist attacks in Paris. The intricate legal frameworks within both the U.S. and the EU also provide challenges to quickly achieving a long-term solution.


To reach a lasting agreement on data transfers, the U.S. and the EU must address issues of privacy, security, and economic opportunity at the same time. Commissioner Jourová stated that “All these need to go hand in hand. We cannot have a trade-off between one and the other.” Indeed, the same protections given to data transferred in a law enforcement context should also extend to data shared in a commercial transaction.

Negotiations to replace the overturned U.S.-EU Safe Harbor agreement are already underway. The U.S. has already committed to stronger oversight of data transfers, rather than leaving that responsibility to companies that collect the data. The 1974 Privacy Act protects U.S. citizens’ data that is collected by federal agencies, but these same protections do not extend to foreign citizens whose data is shared with U.S. companies. The Judicial Redress Act, currently under consideration in the U.S. Senate, would bring protection standards for EU citizen data in line with that of U.S. citizens.

Commissioner Jourová also clarified some misconceptions about the European Court of Justice ruling. The ruling was not intended as a judgement on the U.S. legal system, but as “a general standard that has to be met by any country (including the US) for its data protection rules to be considered adequate under EU law.” The Commissioner emphasized that transferred data should retain the protections guaranteed under European law regardless of where it travels.

Just as one case overturned the standing data transfer regime, future cases will likely test the adequacy of protections contained new agreements between the U.S. and the EU. The rights and responsibilities that citizens have under EU law should still apply to them online, regardless of where their data is held. These discussions about balancing security and privacy will become more prevalent in search of a lasting U.S.-EU data transfer agreement. In light of the attacks in Paris, Commissioner Juorová highlighted the importance of protecting the freedoms enjoyed by EU citizens, declaring that “it is precisely these values that we will defend.”

Watch full video or listen to full audio of the event here.

Elsie Bjarnason contributed to this post.