U.S. and Europe fail to meet deadline for data transfer deal

U.S. and European officials failed on Sunday to reach an agreement over how digital data — including financial information and social media posts — could be transferred between the two regions.

Despite the last-minute talks, both sides remained far apart on specific details required to approve a comprehensive deal. Without an agreement, companies that regularly move data, including tech giants like Google and nontech companies like General Electric, could find themselves in murky legal waters.

European and U.S. officials had until Sunday evening to meet a deadline set by Europe’s national privacy agencies, some of which have promised aggressive legal action if the current negotiations founder. Those agencies will publish their own judgment on how data can be moved safely between the two regions Wednesday.

With time ticking down, the two sides are now hoping to agree to a broad deal before European national regulators act on Wednesday, according to several officials with direct knowledge of the talks, who spoke on the condition of anonymity because they were not authorized to speak publicly.

Still, negotiators said sticking points remained — including over how Europeans’ data would be protected from surveillance by the U.S. government and how Europeans could seek legal remedies in U.S. courts — and neither side could guarantee the final outcome.

The rules governing the transfer of online data have become a vital issue for many businesses. Facebook and Google, for example, use the information to help tailor the advertisements that are central to their businesses. Many nontech companies, like GE, also move data related to their customers and employees, as well as on how their products are used.

No big U.S. company is expected to immediately change how it does business. But many have gathered teams of lawyers to protect themselves in case no deal emerges.

“There’s a lot of uncertainty,” said Tanguy Van Overstraeten, global head of privacy and data protection at Linklaters, a law firm in Brussels, who represents companies that may get tangled up in the standoff. “We need a solution. Global business relies on transferring data. You cannot stop that.”

The most recent talks have been taking place in Brussels. Senior officials from the Commerce Department, the Federal Trade Commission and other U.S. agencies traveled there last week. They have been meeting with the European Commission, the executive arm of the European Union that is in charge of the negotiations, along with senior national politicians from across the Continent.

And with the talks increasingly stalled, Penny Pritzker, the U.S. commerce secretary, was expected to call her European counterpart, Vera Jourova, on Sunday in the hopes of brokering a deal.

The negotiations began three months ago after Europe’s highest court invalidated a 15-year-old data-transfer pact, known as safe harbor. The judges ruled that Europeans’ data was not sufficiently protected when being transferred to the United States.

European and U.S. negotiators had been talking for years about a new deal, but the court’s decision — which went into effect immediately — made action increasingly urgent.

In recent weeks, U.S. officials have offered a number of concessions to their European counterparts. They include increased oversight over U.S. intelligence agencies’ access to European data, according to several officials involved in the discussions, who spoke on the condition of anonymity.

U.S. officials also have proposed the creation of a data ombudsman within the State Department. That office, according to officials, would give Europeans a direct point of contact in the United States if they believed their data had been misused by government agencies. Europeans also may seek arbitration directly with U.S. companies that they accuse of unlawfully using their digital information.

European officials, though, have expressed doubts that those moves would hold up if challenged in European courts. They have asked the Americans to provide specific details about how the proposals would work in practice, according to two officials. In particular, Europeans want more information on the limits to U.S. intelligence agencies’ access to European data, and on how Europeans can file legal claims in the United States.

U.S. officials have argued that their proposals will stand up to European legal challenges. They also believe the United States has levels of data protection comparable to that in the European Union, where privacy is valued as highly as freedom of expression.

“We’ve agreed to make major changes,” Bruce H. Andrews, deputy secretary of the Commerce Department, said on Jan. 15. “The U.S. takes individuals’ privacy very seriously.”

Any company — large or small — that transfers information between the two regions may face legal challenges. But the most likely targets for litigation, privacy advocates say, are large U.S. tech giants like Google and Facebook that rely so heavily on people’s data.

Several of Europe’s national data regulators, including Isabelle Falque-Pierrotin, the French privacy chief who is chairwoman of a Pan-European data protection group, have said they will back a new data-transfer agreement if all of Europe’s privacy rights are upheld in the United States.

But if a new pact is not approved — or does not meet national regulators’ standards — some European privacy watchdogs may demand new limits on the movement of data. Several consumer groups plan to file complaints about how companies transfer data as soon as Monday, arguing that people’s rights are not upheld when information is moved to the United States.

“These issues are going to end up back in court,” said Peter Swire, a law professor at the Georgia Institute of Technology, who helped negotiate the original safe harbor agreement while working for the Clinton administration.