Data Transfer Pact Between EU and US Has a Framework

In a long-awaited development, the US and EU have reached some accord on the "adequacy" of data protection that could allow EU data to start flowing more freely to the US. The US has been deemed not adequately attentive to personal privacy rights, and US companies have faced increasing difficulties in moving data out of the EU since a series of court decisions struck down prior cooperative data protection efforts.  

Regulators reached a tentative agreement last month, and the US administration released an Executive Order in early October to implement the deal. The rules are chiefly aimed at intelligence gathering by US government authorities, but their impact has been felt strongly in the commercial sector. Under the new rules, once they take effect, new guarantees and new remedies would be in place to assure EU citizens that data they share commercially is not widely available to US intelligence and law enforcement authorities.  

Why It Matters

The restriction on data movement has meant that US companies faced increasing hurdles when doing business in the EU -- whether with customers or suppliers there or by trying to hire staff. Allowing free movement of (and access to) personal information to the US under a negotiated framework would greatly ease the growing burden and worry for US companies. US business interests have been hampered directly by the restrictions in two ways. First, they require onerous contractual undertakings that are beyond the scope of small and medium-sized enterprises. Second, many small companies have faced growing questions about their continued access to third-party tools such as Google Analytics.