According to a Bloomberg News report on January 14, talks between the US and the EU over a revised Safe Harbor framework have stalled, two weeks ahead of the January 31 deadline set by the Article 29 Working Party for avoiding coordinated enforcement actions. Some US officials were said to have hoped that the attacks in Paris would lead the EU to “tone down its demands,” revealing ignorance on their part that the stand-off over Safe Harbor is driven by legal rather than policy differences. One has to wonder what these unnamed officials believe about the rule of law, given their opinion that the EU’s position is malleable and that the confrontation might be resolved by some high-level discussions in Davos. Indeed, another strong warning shot was fired from Europe a few days later by Margrethe Vestager, the EU’s antitrust chief, who said that the collection of a vast amount of users’ data by a small number of tech companies like Google and Facebook could be in violation of EU competition rules.
Also on January 14, Reuters reported that the Article 29 Working Party plans to meet in Brussels on February 2 to determine whether and how data transfers to the U.S. can continue in the absence of Safe Harbor. Since disagreement exists among the data protection authorities about the viability of model contracts and BCRs in light of the CJEU Schrems decision, it is questionable whether they will be able to reach a common position in this matter. While coordinated enforcement actions are likely to be announced against companies continuing to rely upon Safe Harbor, this being pretty much a slam dunk, coordinated enforcement in other areas may prove more difficult.