Europe and the United States will use a thaw in ties to strike a pact that would allow for the exchange of private data across the Atlantic, replacing previous agreements struck down by an EU court.
Facebook, Google, Microsoft and thousands of other companies want such a deal to keep the internet traffic flowing without facing significant legal jeopardy over European privacy laws.
Last year, the European Court of Justice “raised important questions on how to ensure protection of privacy when data crosses the Atlantic,” EU Justice Commissioner Didier Reynders said in a speech to the American Chamber of Commerce to the EU.
“Finding this solution is a priority in Brussels and in Washington DC,” he added a day after stepping up talks with US Commerce Secretary Gina Raimondo.
As “like-minded partners” the two sides “should be able to find appropriate solutions on principles that are cherished on both sides of the Atlantic,” he said.
The third attempt for a new data arrangement would succeed deals that were invalidated after succesful lawsuits arguing that US security laws violated the fundamental rights of EU citizens.
The legal onslaught was led by Max Schrems, an Austrian activist and lawyer who began his campaign after the revelations by Edward Snowden of mass digital spying by US agencies.
Businesses have since resorted to legally uncertain workarounds to keep the data flow moving, with hope that the two sides could come up with something stronger in the long term.
Reynders said a deal would require that “complex and sensitive” issues are solved “that relate to the delicate balance between national security and privacy”.
The deal would have to cover important issues, including guarantees of access to courts and clearly enforceable individual rights.
“The only way to achieve this is to develop a new arrangement that is fully compliant with the (EU court’s) Schrems II judgement. This is in our mutual interest,” Reynders added.
The EU has concluded similar agreements with 12 entities and countries, including Japan, Switzerland, Canada, Israel, and is in the process of concluding negotiations with South Korea.
In February, Brussels gave an initial green light to the transfer of personal data to the UK, which left the EU’s direct jurisdiction this year after a post-Brexit transition period.