“There is agreement on these matters in principle, but we are still discussing how to ensure that these commitments are binding enough to fully meet the requirements of the court,” Justice Commissioner Vera Jourova told European lawmakers.
For 15 years before the recent rule change, U.S. companies used a policy agreement called Safe Harbor to regulate how U.S. companies could export and handle personal data of European citizens. But in October, the European Court of Justice (ECJ) ruled the existing protections were not adequate to protect their citizens' data. The court cited U.S. government surveillance programs, such as those run by the National Security Agency that monitor every email, phone call and text message of every inhabitant.
The new agreement would include more oversight from the Commerce Department and the Federal Trade Commission to alleviate the concerns of the ECJ. The new agreement would also provide legal recourse for those whose data had been mishandled and compromised, and would instate an annual review process of the U.S.' management of EU citizen data to ensure compliance.