Judicial redress for EU citizens a remaining 'sticking point' for revised EU-US data transfer scheme

Out-Law News | 17 Jun 2014 | 4:43 pm | 2 min. read

The US must create a new law that gives EU citizens access to judicial redress there if they are concerned about the handling of their personal data by US authorities, a senior EU official has said.

Justice commissioner Viviane Reding said that the lack of judicial redress is an issue that could prevent the EU giving its backing to a framework that facilitates the transfer of personal data from the trading bloc to the US.

"When Americans come to Europe and they think the authorities have not handled their case correctly, they can go to a European court," Reding said in a recent speech. "However an EU citizen cannot do the same in the US and go to an American court. There is no reciprocity; we do not have the basis for judicial redress. You cannot make an agreement if you do not have judicial redress. The US has recognised the importance of this request on several occasions - but they need to have a law. I have not yet seen it."

Reding said that she will discuss whether a law on EU citizens' judicial redress could be passed as part of other privacy reforms that have been proposed when she meets with US attorney general Eric Holder on 25 June.

The European Commission has come under pressure from MEPs to suspend the Safe Harbour agreement between the EU and US on data transfers after a report last year cited a range of "deficiencies in transparency and enforcement" in terms of how the framework works. The Commission has, though, given the US some time to address its concerns but has maintained that it will suspend the agreement if the US fails to do so. The US has committed to making comprehensive improvements to the Safe Harbour framework by this summer.

The Safe Harbour agreement sets seven principles of data protection broadly equivalent to standards set under the EU Data Protection Directive and allows US companies that adhere to those principles and self-certifies compliance with them to transfer personal data from the EU to US.

The Commission's report, which was compiled following revelations about US intelligence gathering practices, as disclosed by whistleblower Edward Snowden last summer, made 13 recommendations on how the Safe Harbour agreement could be improved to tighten privacy safeguards.

A carve out from the principles set in the agreement enables US authorities to process the data transferred to US companies participating in the Safe Harbour scheme for reasons of national security.

The Commission's report, however, said that the exception should only be used "to an extent that is strictly necessary or proportionate".

Reding said that the issue remains a "sticking point" in negotiations over a revamped Safe Harbour agreement.

"Out of 13 points, 12 have been agreed, the 13th on is the national security exception – for me it is an exception not a rule," Reding said. "We have a problem of definition here. It should be an exception not a hoover. This must be clarified before we can give our agreement to Safe Harbour."