Europe signs off on a new privacy pact that allows data to keep flowing to US

The European Union signed off on a new agreement over the privacy of personal information that is pinged across the Atlantic, aiming to ease European concerns about electronic spying by American intelligence agencies.

The EU-US Data Privacy Framework has an adequate level of protection for personal data, the EU’s executive commission said.

This means that it’s comparable to the 27-nation’s own stringent data protection standards, so companies can use it to move information from Europe to the United States without adding extra security.

US President Joe Biden signed an executive order in October to implement the deal after reaching a preliminary agreement with European Commission President Ursula von der Leyen.

President Biden
US President Joe Biden signed off on the agreement back in October (James Manning/PA)

Washington and Brussels made an effort to resolve their years-long battle over the safety of EU citizens’ data that tech companies store in the US after two earlier data transfer agreements were thrown out.

Speaking in Brussels, EU Justice Commissioner Didier Reynders said: “Personal data can now flow freely and safely from the European Economic Area to the United States without any further conditions or authorisations.”

Washington and Brussels have clashed over differences between the EU’s stringent data privacy rules and the comparatively lax regime in the US, which lacks a federal privacy law.

This has created uncertainty for tech giants, including Google and Facebook parent Meta, raising the prospect that US tech firms might need to keep European data that is used for targeted ads out of the United States.

The European privacy campaigner who triggered legal challenges over the practice, however, dismissed the latest deal.

Max Schrems said the new agreement failed to resolve core issues and vowed to challenge it to the EU’s top court.

Max Schrems
Campaigner Max Schrems says the new agreement failed to resolve core issues (Brian Lawless/PA)

Mr Schrems kicked off the legal saga by filing a complaint about the handling of his Facebook data after whistle-blower Edward Snowden’s revelations a decade ago about how the US government eavesdropped on people’s online data and communications.

Calling the new agreement a copy of the previous one, Mr Schrems said his Vienna-based group, NOYB, was readying a legal challenge and expected the case to be back in the European Court of Justice by the end of the year.

“Just announcing that something is ‘new’, ‘robust’ or ‘effective’ does not cut it before the Court of Justice,” Mr Schrems said. “We would need changes in US surveillance law to make this work — and we simply don’t have it.”

The framework, which will take effect on Tuesday, promises strengthened safeguards against data collection abuses and provides multiple avenues for redress.

Under the deal, US intelligence agencies’ access to data is limited to what is “necessary and proportionate” to protect national security.

Europeans who suspect US authorities have accessed their data will be able to complain to a new Data Protection Review Court, made up of judges appointed from outside the US government.

The threshold to file a complaint will be “very low” and will not require people to prove their data has been accessed, Mr Reynders said.

Meta had warned that without a legal basis for data transfers, it would have to withdraw its services in Europe (Brian Lawless/PA)

Business groups welcomed the decision, which clears a legal path for companies to continue cross-border data flows.

“This is a major breakthrough,” said Alexandre Roure, public policy director at the Brussels office of the Computer and Communications Industry Association, whose members include Apple, Google and Meta.

“After waiting for years, companies and organisations of all sizes on both sides of the Atlantic finally have the certainty of a durable legal framework that allows for transfers of personal data from the EU to the United States,” Mr Roure said.

In an echo of Mr Schrems’ original complaint, Meta Platforms was hit with a record $1.3 billion EU privacy fine in May for relying on legal tools deemed invalid to transfer data across the Atlantic.

Meta had warned in its latest earnings report that without a legal basis for data transfers, it would be forced to stop offering its products and services in Europe, “which would materially and adversely affect our business, financial condition, and results of operations”.

No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.