EU aims to tighten curbs on data transfers to non-EU governments – EU document

EU flags flutter at the European Commission headquarters in Brussels, Belgium. REUTERS/Yves Herman

Register now for FREE unlimited access to

BRUSSELS, Feb 3 (Reuters) – Cloud services providers such as Amazon and Microsoft (MSFT.O) and other data processing service providers must set up safeguards against illegal data transfers to non-EU governments, according to the European Commission’s Data Act to be published this month.

The proposed rule, seen by Reuters, sets out rights and obligations on the use of EU data such as smart machinery and consumer goods, and is part of a raft of legislations aimed at reining in U.S. tech giants and helping the bloc meet its green and digital objectives.

EU concerns about data transfers have been growing ever since former U.S. intelligence contractor Edward Snowden’s revelations in 2013 of mass U.S. surveillance.

Register now for FREE unlimited access to

Europe’s top court in 2020 scrapped a transatlantic data transfer deal known as the Privacy Shield and relied on by thousands of companies for services ranging from cloud infrastructure to payroll and finance because of similar concerns.

The United States and the EU have been trying to come up with a new pactin the two years since then. U.S. Commerce Secretary Gina Raimondo said she was confident there would be a new accord which takes into account the EU court’s concerns.

“The Biden administraion considers finalising an enhanced Privacy Shield the No. 1 priority,” she told an event organised by trade body DIGITALEUROPE.

“We remain optimistic that we can reach a durable arrangement that fully addresses the European Court of Justice ruling in Schrems II that can withstand legal challenges and is based on our shared democratic values.”

The Data Act goes further than current curbs on the transfer of personal data outside the 27-country bloc by extending such restrictions to non-personal data.

“Concerns around unlawful access by non-EU/EEA governments have been raised. Such safeguards should further enhance trust in the data processing services that increasingly underpin the European data economy,” the EU document said.

It said that providers of data processing services will have “to take all reasonable technical, legal and organisational measures to prevent such access that could potentially conflict with competing obligations to protect such data under EU law, unless strict conditions are met”.

The Data Act seeks to develop interoperability standards for data to be used between sectors following concerns of barriers to data sharing within and between industries.

It also aims to make it easier for companies to switch between cloud and edge services by setting out minimum regulatory contractual, commercial and technical requirements on providers of cloud, edge and other data processing services to enable switching between such services.

The Commission has set a tentative date of Feb. 23 for publishing the Data Act.

Register now for FREE unlimited access to

Reporting by Foo Yun Chee;
Editing by Bernadette Baum and Andrea Ricci

Our Standards: The Thomson Reuters Trust Principles.

Zubair Q Britania

Next Post

Big Law's hybrid future will rely on honor system, for now

Mon Feb 28 , 2022
Trust is central as firms adopt range of hybrid in-person models Leaders and consultants emphasize flexibility, not tracking The company and law firm names shown above are generated automatically based on the text of the article. We are improving this feature as we continue to test and develop in beta. […]

You May Like