BRUSSELS (Reuters) - European and U.S. negotiators missed a deadline to agree a key data transfer pact, the European Union’s executive said, with talks snagged over a new oversight role and options for European citizens to seek redress over data privacy violations.
While talks are continuing and a deal could be clinched in coming days, national data protection regulators from across Europe are poised to begin meetings on Tuesday to start restricting trans-Atlantic flows of personal data.
“There have been constructive but difficult talks over the weekend,” a spokesman for the European Commission said on Monday. “Work is still ongoing, we are not there yet, but the Commission is working day and night on achieving a deal.”
European Union data protection law bars companies from transferring EU citizens’ personal data to countries outside the bloc deemed to have insufficient privacy safeguards — like the United States.
Cross-border transfers are used in many industries for sharing employee information or when consumer data is shared to complete credit card, travel or ecommerce transactions.
Firms such as Facebook and Google rely on transferring and analyzing reams of user data to sell targeted advertising, for example.
U.S. officials and American executives have grown increasingly worried about the consequences of not having a new deal in place, despite a flurry of high-level talks in Brussels over the past few weeks.
Some U.S. industry representatives, believing they had exhausted their case, flew home this weekend after bringing their pitch directly to regulators across Europe.
A U.S. industry source said a deal is “on the table” with what the United States feels is the strongest offer yet, but that Europe apparently still wants to see more.
Negotiators had hoped to reach a deal before Věra Jourová, the EU Commissioner for Justice, Consumers and Gender Equality, reports to the European Parliament on Monday evening.
But that did not happen, with Jourova telling the European lawmakers: “Negotiations are still ongoing, including at the political level.”
Revelations of mass U.S. surveillance programs in 2013 prompted the European Commission to demand that “Safe Harbour” a framework which more than 4,000 companies have relied upon to avoid cumbersome EU data transfer rules, be strengthened.
The Safe Harbour framework was struck down by an EU court last year over concerns about U.S. Internet surveillance, leaving companies in legal limbo.
European Parliament lawmakers expressed scepticism that the United States was serious about ensuring protection for European privacy rights and said what the U.S. side was offering was well short of legally binding assurances.
“We must trust them. But at the same time, I say we must check also,” Jourova responded. “We need to set up rules that give us as much room as possible for checking how it works there and gives us continuous guarantees.”
The U.S. side proposed improving oversight of the new data transfer framework by creating an ombudsman to review decisions.
The European Commission is pushing for the ombudsman to have the authority to make findings on U.S. surveillance as opposed to just fielding complaints from European citizens and data protection authorities, a person familiar with the talks said.
Jourova said the role needed to be independent from U.S. authorities and empowered to seek information on concrete cases.
She added there would also be a “clear suspension clause” in the agreement with the United States that would be applicable should the system not work properly, and that the European side would run annual checks on that.
Reporting by Julia Fioretti and Gabriela Baczynska in Brussels, Dustin Volz in Washington D.C., Writing by Eric Auchard and Gabriela Baczynska, Editing by Mark Heinrich