European Union officials unveiled a new US-EU legal framework that would grant American companies permission to continue sending their European customers’ private data to servers on this side of the Atlantic.
Although it must still go through a lengthy finalization and approval process–and could be impacted by ongoing negotiations in Congress that are, for now, being conducted in secret–the latest agreement is meant to replace a previous treaty. Known as Safe Harbor, that deal was struck down last October by a European court.
According to EU officials, as part of the latest framework, the US pledged greater oversight of its European intelligence collection, and agreed to create a special ombudsman at the State Department to monitor allegations of privacy breaches.
The US also “clarified that they do not carry out indiscriminate mass surveillance of European citizens,” European Commission Vice President Andrus Ansip said on Tuesday.
The Court of Justice of the European Union ruled Safe Harbor illegal last autumn, citing the disclosures of NSA whistleblower Edward Snowden. It found that the US government could not provide proper assurances that Europeans’ data were being protected from improper access by the American intelligence community.
The defeat of Safe Harbor threatened the viability of thousands of US companies, including social media companies, tech outfits, and financial businesses.
While industry groups welcomed the announcement, privacy watchdogs cautioned that the assurances alone might not pass judicial review.
“Since both sides failed to conduct the necessary surveillance and privacy reforms, this deal is not fit to resist future legal challenges,” said Estelle Massé, European Policy Analyst at Access Now, an internet-focused civil libertarian organization.
“Today’s deal is an attempt at a political fix to a legal problem,” she added in a statement. “Contrary to the announcement from the Commission, we have no indication of how users’ privacy will be protected or how it provides companies with legal certainty about the future.”
Although Congress moved last June to restrict the NSA’s bulk collection of domestic phone records, lawmakers left the rest of agency’s toolkit untouched. Included in that are broad internet intelligence-gathering programs like PRISIM and UPSTREAM–revealed by Snowden to have targeted entire populations of European countries.
Now that the legal authorities underpinning those programs, Section 702 of the FISA Amendment Act, is set to expire next year, legislators are revisiting them–in secret.
As word of the new data-transfer deal was coming out of Brussels, the House Judiciary Committee in Washington huddled for a classified hearing on PRISM and UPSTREAM.
“Moving forward, it is imperative that Congress approach Section 702 reform as openly as possible,” Rep. Thomas Massie (R-Ky.) told The Intercept last week. “Closed committee sessions and insufficient congressional oversight contributed to the evolution of our unconstitutional surveillance state,” he added.
