EU Should Oblige Data Exporting Companies to Ensure Privacy – Lawyer

MOSCOW (Sputnik), Daria Chernyshova — The European Union should oblige organizations that export data from Europe to ensure the privacy and data security of their European customers, regardless of where it is stored geographically, Eduardo Ustaran, a partner with Hogan Lovells International LLP told Sputnik Thursday.

An advocate general for the Court of Justice of the European Union (CJEU) called on Wednesday for the suspension of data sharing for commercial purposes between the European Union and the United States, accusing Washington of indiscriminate surveillance.

“I do not believe in regulating data flows geographically as it is entirely at odds with the global nature of today's communications,” Ustaran said. “The right approach should be for EU member states to impose an obligation on organisations exporting data from Europe to ensure that the privacy of European citizens and the protection of their data is preserved irrespective of where the data is stored or from where it is accessed.”

A US-EU Safe Harbor agreement delineates the exchange of data for commercial purposes between big tech companies. According to CJEU Advocate General Yves Bot, US law in practice allows for the large-scale collection of EU citizens' personal data without judicial oversight.

Bot stressed that the Commission’s decision, whether halted or not, "cannot eliminate or even reduce the national supervisory authorities’ powers" to suspend transfer of data to the United States "if a national supervisory authority considers that a transfer of data undermines the protection of citizens."

Ustaran told Sputnik that Bot’s opinion is very critical of the Safe Harbor framework.

“In my experience, the majority of companies on Safe Harbor have implemented detailed data privacy compliance programs to address the relevant requirements, so in my view it is not entirely correct to say that Safe Harbor does not contain appropriate guarantees,” Ustaran explained.

The advocate general's opinion is not binding on the CJEU, but if upheld in the court's final ruling it could undermine the Safe Harbor agreement and its mandate for the sale of data between companies.

Safe Harbor talks were temporarily halted in 2013 after documents revealed by Edward Snowden exposed the widespread spying practices by the US National Security Agency (NSA).

In August, media reports suggested that the sides were negotiating the final details of the deal.