U.S.-EU Data Protection Comes with a Price Tag

The European Commission announced a three-month deadline to reach an agreement on revised policies regulating data transfers between the European Union and the United States. The deadline is a continuation of the Safe Harbor agreement, which was implemented in 2000 to encourage business transactions between the U.S. and EU member states as well as allow thousands of businesses to move European information to U.S. servers. The new deadline was requested after many EU citizens expressed skepticism about the privacy of their data on existing U.S. servers. These concerns became particularly relevant after it was revealed that the U.S. National Security Agency had been collecting electronic data on EU citizens. The final impetus to renegotiate a deal came last month in Luxembourg, when the European Court of Justice ruled the existing agreement invalid because its data protection software did not meet EU standards.

Justice Commissioner Vera Jourova remarked in an interview with EU Observer that “the Commission strongly believes that we need a new stronger framework for trans-Atlantic data transfers that will replace the old Safe Harbor."

However, not all Europeans are convinced that a new Safe Harbor agreement will ease business uncertainty. German privacy regulators have instilled fear in European companies that their plan to continue storing data in the U.S. will not pass legal standards. These companies have responded by  storing more data on European servers. However, European databases are not without cost, and many businesses are concerned that the additional servers in the EU will increase business costs – estimated at 1% of GDP – and impede the free flow of data on the internet.