February 1 is a date that all compliance practitioners in both the United States and in Europe need to circle. That is the deadline that the U.S. Department of Commerce and the European Commission are under to reach a new deal regarding the transfer of data from EU countries to the United States. These negotiations are part of the continued fallout from the Schrems decision, which invalidates the safe harbor provision under which U.S. companies brought information on EU citizens from Europe to the United States.

As reported in the New York Times, the negotiators have been going at it “almost daily since October,” yet they are apparently no closer to reaching an agreement. As you might expect, the parties are still unable to reach an accommodation around how U.S. spy agencies monitor Europeans’ digital profiles. But even if an agreement is reached, it still will have to be reviewed and approved by EU-member countries’ privacy watchdogs. Moreover if no agreement is reached, there could be even more restrictions placed on data transfer from individual EU member-states, which have a much more robust tradition of data privacy and rights than in the United States

Further, if no agreement is reached, EU “national authorities my start legal proceedings—and potentially issue fines—against companies which run afoul” of these data protection laws. The Times quoted the lead French regulator, Isabelle Falque-Pierrotin that “If they [American companies] are on our soil, then they need to live with the consequences.”

For the compliance practitioner, this deadline has profound implications. First and foremost will be the terms of any deal reached by the Department of Commerce and European Commission. But even at that point, with the oversight by national regulators, your route may not be clear moving forward

However if no agreement is reached, then the movement of data from Europe to the United States could cause the initiation of an investigation, with attendant fines and penalties. All of this will make compliance with any internal investigation around the FCPA much more challenging. 

Topics