Brussels – The EU said Friday it hoped to reach a new deal with Washington within three months on data transfers which major firms like Facebook rely on, but demanded “bullet-proof” privacy protections.
The European Court of Justice last month ruled that the EU-US “Safe Harbor” arrangement allowing firms to transfer European citizens’ personal information to the US was “invalid” because it did not properly protect the data from spy agencies.
EU and US officials have since held several rounds of talks for a new arrangement.
“I believe Europe and the US have all tools at hand to achieve this in three months,” European Commission Vice President Andrus Ansip, who is in charge of the digital single market, told a press conference in Brussels.
“But I want to be clear: we need a bullet-proof solution.”
European Commissioner Vera Jourova told the press conference the ball was in Washington’s court.
“It is now for the US to come back to us with their answers,” she said. “It takes two to do this tango.”
She said she would travel to the United States next week to discuss the issue at the highest political level, including with senators preparing to vote on key legislation.
US lawmakers have moved to pass a bill allowing non-citizens to enforce their data protection rights in US courts under the Privacy Act.
“The court ruling will be our benchmark in our talks with the United States,” Jourova said.
She added that she is taking seriously businesses’ concerns about the legal void following the court ruling.
It has alarmed Washington which says it “put at risk the thriving transatlantic digital economy.”
The landmark verdict stemmed from a case lodged by Austrian law student Max Schrems, who challenged the deal between Washington and Brussels on the grounds it did not properly protect European data.
His concerns were raised by the scandal involving Edward Snowden, the former National Security Agency whistleblower who in 2013 revealed a worldwide US surveillance program harvesting the data.
Jourova said in the absence of “Safe Harbor,” data can still flow between the two continents under provisions of a 1995 EU directive where data protection, for example, is guaranteed by clauses in individual contracts.
The commission released legal guidelines on Friday, while admitting there was no substitute for a new arrangement.
The EU says it started negotiating a new Safe Harbor arrangement with the US before the verdict.
