Brussels is to warn the Obama administration that tech companies such as Google, Facebook and Microsoft risk losing their decade-long exemption to European privacy rules unless the US changes the way it treats the online data of EU citizens.
A European Commission review of the “safe harbour” pact, which allows US tech groups to operate in Europe without EU oversight, will conclude that Washington has improperly forced US companies to hand over European customers’ data. Although the review – which will be revealed tomorrow – stops short of calling for the safe harbour agreement to be scrapped, its wording strongly signals that the EU will move in that direction if the US does not change the way it uses European customers’ data.
“The personal data of EU citizens sent to the US under the safe harbour may be accessed and further processed by US authorities in a way incompatible with the grounds on which the data was originally collected,” according to a draft version of the review obtained by the Financial Times.
“The commission has the authority . . . to suspend or revoke the safe harbour decision if the scheme no longer provides an adequate level of protection,” the review adds.
Ending safe harbour and subjecting US tech companies to EU privacy laws would wreak havoc on the likes of Google and Facebook and put them in a legal bind over National Security Agency requests for data on EU citizens.
Under US law they would be forced to hand over the data, but doing so would breach EU rules.
Internet companies say they would be forced to ringfence their European operations and hold data about local citizens in new legal entities.