The U.S. is likely to have to ensure that it only monitors data when necessary and proportionate.
A deal between the EU and the U.S. around commercial data-sharing is in its final stages.
A data-sharing deal had been in place from 2000 but re-negotiations were put forward after revelations about mass surveillance practices were exposed.
The EU called for a review in 2013 after leaks from Edward Snowden exposed the spying activities on some heads of stage such as German Chancellor Angela Merkel.
The current negotiations, which began in January 2014, have been seeking to reform the "Safe Harbour" agreement that allows companies to transfer data easily between the two areas.
It is expected that the new deal will force strict guarantees from the U.S. regarding the collection of EU citizens’ data.
Data collection is likely to be restricted for national security purposes only and be limited to what is necessary and proportionate, however, given the scale of monitoring and collection that has been going on, it is questionable whether this will actually change practices.
If a deal were not to be reached then the Safe Harbour legal protection could be scrapped, which would impact around 4,000 companies across Europe and the U.S.
Ian McEwan, VP, GM, EMEA, Egnyte, said: "A commercial data sharing deal between the EU and US, intended to reform the current transatlantic agreements ensuring adequate levels of data protection, will have major implications for countries not adhering to incoming regulation.
"In particular, US companies will face stricter regulations over the way they share their data with third parties. Maintaining compliance with the new standards, ensuring that privacy and data protection are upheld, will become a priority for IT departments across both regions."
"Businesses will need to employ IT systems that are complicit with the latest standards, giving them complete control over where their data resides and how it is shared with other businesses.
"A best in class privacy and compliance IT infrastructure will give administrators a centralised view of how their data is being held and shared with other businesses, enabling them to meet with regulations. If businesses don’t take action to comply, they could face serious fines and lose credibility."
Conflicts over data protection rules have affected the negotiations, as the EU seeks assurances that companies won’t circumvent its rules by passing on data to third parties that are not certified under the data-sharing deal.
Under the new deal, both sides will be able to monitor the functioning of Safe Harbour, including how limitations on U.S. authorities’ access to data are being applied.
These discussions cannot be seen as an isolated agreement as they are likely to be heavily impacted by upcoming EU data protection laws.
Ann LaFrance, Global Head of cybersecurity, data protection & EMEA coordinating partner for communications, Squire Patton Boggs told CBR that she expects the EU Data Protection regulations to probably be adopted by the end of the year, which will be a big hit for companies that break the rules.
"There’s going to be an accountability principal around sensitive data, did you take appropriate measures. We’ll also see what’s being called a ‘Snowden provision’; if data moves abroad you may not disclose it to a security organisation without the consent of the regulator from where the data came from."
These safeguards combined with the Safe Harbour agreement are likely to appease EU concerns around data protection, but also make cross border territorial conflicts regarding data ownership a heated legal area.
One thing that LaFrance expects is that: "U.S. companies signing up will have to be much more aware and take measures to deal with privacy issues."
Previously the Safe Harbour rules had raised concerns that if consumer data was misused there wasn’t a meaningful form of redress that people could take. LaFrance expects this to be one of the key areas of change in the new Safe Harbour agreements.
Despite actions taken by President Obama to address surveillance programs and future plans to extend protections for U.S. citizens to foreigners, tensions are likely to still be high.
Recent WikiLeaks documents revealed the NSA had directly targeted the communications of French Presidents in what will have been another damaging exposure to hurt U.S. – EU relations.
Documents leaked by Snowden and WikiLeaks have helped to bring data security and privacy issues into the limelight, however, as Duncan Campbell reveals in an interview with CBR, this kind of surveillance has been going on for decades. The full interview can be found here.