European and U.S. negotiators have missed a deadline to agree on a key data transfer pact, the European Commission said on Monday, with talks snagged over a new oversight role and the options for European citizens to seek redress over data privacy violations, sources familiar with the talks said.
While talks are continuing and a deal could be clinched in coming days, national data protection regulators from across Europe are poised to begin meetings on Tuesday to start restricting trans-Atlantic flows of personal data.
“There have been constructive but difficult talks over the weekend,” said a spokesman for the European Commission. “Work is still ongoing, we are not there yet, but the commission is working day and night on achieving a deal.”
European Union data protection law says companies cannot transfer EU citizens’ personal data to countries outside the bloc deemed to have insufficient privacy safeguards – like the United States.
Cross-border transfers are used in many industries for sharing employee information or when consumer data is shared to complete credit card, travel or eCommerce transactions.
Major firms rely on transferring and analyzing reams of users’ data to sell targeted advertising, for example.
U.S. officials and American executives have grown increasingly worried about the consequences of not having a new deal in place, despite a flurry of high-level talks in Brussels over the past few weeks.
Some U.S industry representatives, believing they had exhausted their case, flew home this weekend after bringing their pitch directly to regulators across Europe.
A U.S. industry source said a deal is “on the table” with what U.S. feels is its strongest offer yet, but that Europe apparently still wants to see more.
Negotiators had hoped to reach a deal before Vra Jourová, the EU’s Commissioner for Justice, Consumers and Gender Equality, reports to the European Parliament on Monday evening.
Revelations of mass U.S. surveillance programs in 2013 prompted the European Commission to demand that “Safe Harbor,” a framework which more than 4,000 companies have relied upon to avoid cumbersome EU data transfer rules, be strengthened.
The Safe Harbor framework was struck down by an EU court last year over concerns about U.S. Internet surveillance, leaving companies in legal limbo.
National data privacy regulators are set to meet in Brussels this Tuesday and Wednesday to decide whether they should restrict the use of alternative measures as well, such as binding corporate rules and model clauses between companies.
U.S. officials met a group of EU data protection authorities last week to discuss the future of Safe Harbor, said a spokeswoman for the French regulator, which chairs the group.
The U.S. side proposed improving oversight of the new data transfer framework by creating an ombudsman to review decisions.
The European Commission is pushing for the ombudsman to have the authority to make findings on U.S. surveillance as opposed to just fielding complaints from European citizens and data protection authorities, the person familiar with the talks said.