A deal between the US and the European Commission regarding the rules that should govern data transfers between companies in the two regions is a step closer to being finalised.
Reuters reported seeing documents that show negotiations between the two parties focusing on the so-called ‘safe harbour’ principles that set out how data can be shared between EU and US companies.
The new guidelines include tighter rules governing how US companies can pass data to third parties so that they cannot circumvent incoming EU data protection regulations about how data can be shared, Reuters said.
There are also enhanced limitations on how US authorities can request data held by US companies supplied from EU firms. This is something the EU was keen to ensure after the PRISM revelations.
The EU also wants to see that EU citizens have the same rights regarding their data as US citizens under US laws.
The new agreement began life in January 2014 when the EU requested new laws after concerns raised by the PRISM revelations from 2013.
The negotiations have been going on for some time. Reports surfaced in May that the deal was already underway, and that the main sticking point was the issue of EU citizens' right to redress over how data is handled or misused by US firms.
This now appears to have been resolved, although the specifics of the finalised text remain unknown at present.
Sharing data between companies is often key to their operations, but the PRISM documents raised several concerns among EU nations about exactly what sort of data the US was taking, something president Obama acknowledged had damaged relations between the US and its allies, such as Germany.
"There's no doubt that the Snowden revelations damaged the impressions of Germans with respect to the US government and our intelligence cooperation," he said in February.
Q3 losses reverse Q2 gains
FBI briefing US companies to dump Kaspersky, claiming intelligence prove it a 'threat to national security'
Kaspersky rejects FBI accusations that its products are a 'threat to national security'
But breached contractor says that it simply didn't have that much data
EE follows Three in threatening legal action against Ofcom - but for entirely different reasons