In her second address of the EU Parliament’s LIBE Committee in the post-Safe Harbor era, EU Commissioner Věra Jourová said that there are agreements “in principle” already in place with the U.S. Department of Commerce on a new version of Safe Harbor.

However, it was clear as she spoke yesterday in Strasbourg that there remain a number of critical negotiating points.

Jourová said there have already been “several meetings at a technical level” between the Commission and the U.S. and that she had spoken with U.S. Commerce Secretary Penny Pritzker earlier that same day.

“For the coming weeks, intensive technical discussions will continue and we have agreed to be in regular contact before I go to Washington in mid-November,” Jourová said, looking to the future. “These discussions are not easy, but I am confident that by then we should already have seen progress.”

People hoping for an announcement for a new framework for transatlantic data transfer in the next few days, even the next few weeks, will be disappointed.

In fact, the general sentiment in Brussels is that no new agreement will be announced until January. Why? That goes to Jourová’s self-identified sticking points in the negotiations, which align with the main points of the ruling by the European Court of Justice in the Schrems case.

First, the U.S. has to offer “safeguards which are ‘globally equivalent’ to the ones we have in Europe,” Jourová said. “This is what I am seeking in our discussions with the U.S.”

Second, the self-verification portion of the Safe Harbor regime must have “effective detection and supervision mechanisms,” and “the U.S. has delivered on this by committing to a stronger oversight by the Department of Commerce, stronger cooperation with European data protection authorities and priority treatment of complaints by the Federal Trade Commission.” This will make Safe Harbor more “responsive,” Jourová said, and there will be more significant enforcement.

Finally, there is the matter of “intervention of public authorities, in particular for reasons of law enforcement and national security.” That access “must be subject to clear conditions and limitations” and “sufficient judicial control over such activities.”

“Let us be clear about this last point,” Jourová said. “This is the biggest challenge in the judgment.”

However, she said, “the U.S. has undergone a period of internal review as regards its national intelligence activities.” The USA FREEDOM ACT, Presidential Policy Directive 28, already in place, and the Judicial Redress Act, extending the benefits of the Privacy Act to non-U.S. citizens that was recently passed by the U.S. House of Representatives, are all steps in the right direction.

Senate passage of the Judicial Redress Act and a signature from President Barack Obama are vital, but perhaps not enough.

“We now need to focus on these and other elements and to carefully analyze the extent to which they meet the requirements of the judgment,” Jourová said.

That will take time. In fact, many observers here in Brussels have mentioned the update from the U.S. Office of the Director of National Intelligence, required by Directive 28 and scheduled for January, as a major signpost to watch. If the report shows a substantial curbing of “mass surveillance,” defined as indiscriminate as to whose data is gathered, that may be the final positive sign the Commission needs to feel confident in putting forward a Safe Harbor 2.0 that would satisfy the European Court of Justice.