Negotiations over data transfer regulations between American and European officials stalled over the weekend, missing the Sunday deadline set by Europe’s national privacy agencies.
According to a report on Monday by the New York Times, negotiations in Brussels hit a several snags, including around options for European citizens to seek redress over data privacy violations.
The negotiations started shortly after the European Court of Justice rejected the Safe Harbor agreement in October 2015, which allowed US tech companies to use a single standard for consumer privacy and data storage in the US and Europe.
A deal is expected to be reached in the coming days, but national data protection regulators in Europe could meet as soon as Tuesday to start restricting trans-Atlantic flows of data, according to the report.
American companies aren’t expected to make any changes to how they do business immediately, and while there could be legal implications on companies regardless of size, experts say the most likely targets for litigation are big US tech companies like Google and Facebook that rely heavily on personal data, according to the report. Hosting companies with data centers in Europe and the US could also be impacted.
According to the Times, American officials have offered a number of concessions in recent weeks, including increased oversight over American intelligence agencies’ access to European data, and creating a data ombudsman within the State Department to give Europeans a direct point of contact should they believe their data was misused by a US government agency.
However, European officials are skeptical that these moves would hold up in European courts, and are looking for more specifics around how these proposals would work, which should come to light over the next several days as both sides work to come to an agreement.
On Thursday, the US Senate Judiciary Committee approved on a bipartisan vote the Judicial Redress Act (JRA), which provides a legal mechanism that entitles EU citizens to sue in US court for violations of the US Privacy Act, according to Forbes.