Bill sets privacy for Europeans
WASHINGTON — A key Senate panel approved a bill Thursday that would allow Europeans to sue the American government in U.S. court if the government intentionally discloses their personal data without their permission.
The Senate Judiciary Committee voted 19-1 to pass the bipartisan bill, which gives Europeans the right to request access to records shared by their governments with U.S. agencies in the course of a criminal investigation, correct those records if they are wrong, and sue if the records are illegally disclosed.
Europeans, who grant strong data privacy protections to Americans, have demanded passage of the Judicial Redress Act as part of negotiating a deal with the U.S. government to allow major American tech companies and online retailers to continue to transfer Europeans' personal data to the United States. The agreement also is needed to allow U.S. and European police agencies to continue to share electronic data to help catch criminals.
“The (bill) is necessary to implement ... a pact that will preserve and expand the ability of the United States and EU members to share critical law enforcement information,” said Judiciary Committee Chairman Chuck Grassley, R-Iowa. “So it has my support.”
Europeans have set a Jan. 31 deadline to reach a deal, and they have threatened to start imposing penalties against U.S. companies for any “illegal data transfers” starting in February.
It's not clear if the two sides will be able to reach an agreement by Sunday, and negotiators say the Senate's failure to pass the Judicial Redress Act has complicated the talks. The full Senate still must approve the bill, and a vote has not been set.
Europeans lost trust in the American government and the U.S. tech industry in the wake of the 2013 revelations by former National Security Agency contractor Edward Snowden about the NSA's mass surveillance of American and European citizens.
The legislation would give Europeans the same protections as Americans under the Privacy Act of 1974, which governs the collection, use and dissemination of personally identifiable data contained in records held by the federal government.
“The Senate Judiciary Committee should be commended for taking this step to restore Europeans' trust in the U.S. post-Snowden,” said Ed Black, president and CEO of the Computer and Communications Industry Association. “We now call on senators to promptly vote on this measure.”
The European Court of Justice invalidated a 15-year-old legal framework last October that allowed American companies to move digital information between Europe and the United States. The court ruled that U.S. law doesn't offer sufficient privacy protections.
That high court's ruling threatens the ability of American tech companies such as Google and Facebook and online retailers such as Amazon to do business in the European Union.
Under “safe harbor” rules that the European court threw out, U.S. tech companies have been allowed to compile data generated by their European customers in web searches, social media posts and other online activities. Companies use that information to direct ads to certain individuals based on their online interests.
Tech companies are not the only businesses affected. The ruling also governs any company with international operations that needs to transfer data to the U.S.
Without the overarching agreement between the European Union and the U.S., every country in Europe could potentially set its own privacy rules, making it much more difficult and costly for U.S. firms to do business there.
“Passage of the Judicial Redress Act in the Senate Judiciary Committee marks a positive step forward toward rebuilding relationships with our international allies and strengthening our own national security,” said Jim Sensenbrenner, R-Wis., a senior member of the House Judiciary Committee.