BRUSSELS — The European Union on Monday approved a new deal allowing companies to freely transfer data between the EU and the United States, potentially ending three years of legal limbo for tech giants such as Facebook and Google.
The European Commission formally recognized the U.S. as a country with sufficient protection for Europeans’ personal data, adopting a so-called adequacy decision under its landmark privacy law, the General Data Protection Regulation.
The deal, known as EU-U.S. Data Privacy Framework, clears the way for lucrative transatlantic data exchanges after the EU's top court in 2020 struck down the governments’ previous data agreement, known as Privacy Shield, over concerns that U.S. intelligence agencies had too much leeway to snoop on Europeans’ personal data.
The stakes for success are high: According to the White House, transatlantic data flows underpin $7.1 trillion in economic activities, and thousands of companies do business on both continents.
You may like
“Today we take an important step to provide trust to citizens that their data is safe, to deepen our economic ties between the EU and the U.S., and at the same time to reaffirm our shared values,” said Commission President Ursula von der Leyen.
Monday’s decision marks the end of long-running, complex negotiations that reached the White House. To pave the way for the deal, U.S. President Joe Biden in October 2022 issued an executive order to restrict U.S. intelligence agencies like the National Security Agency (NSA) from accessing Europeans’ digital information and create better, more independent redress for Europeans.
The U.S. Department of Justice announced last week it has finalized its commitment under the Executive Order. A new Data Protection Review Court will allow European residents to bring claims against U.S. agencies if they believe their data was not gathered in a “necessary” and “proportionate” way for national security.
The agreement, however, doesn’t necessarily end the longtime drama. Max Schrems, the privacy activist who filed lawsuits that led to the downing of the two previous data pacts, said he would likely challenge the new deal in court by the end of August. He expects his complaint to come to the European Court of Justice in early 2024.
The European Court of Justice annulled two previous agreements — Privacy Shield and a 2000 deal called Safe Harbor — over fears of U.S. intelligence agencies' snooping, exposed by Edward Snowden and others.
Schrems said the new deal didn’t give Europeans adequate protections, even with the changes in U.S. data policy. “We would need changes in U.S. surveillance law to make this work — and we simply don't have it,” Schrems said. “There are even parts that are worse than before so for example, purposes for mass surveillance now [include] climate change and international health crisis.”
Officials, however, were optimistic that this time the deal would hold up to the court’s scrutiny.
“This new framework is substantially different than the EU-U.S. Privacy Shield,” said Justice Commissioner Didier Reynders on Monday. “When deciding whether and to what extent U.S. intelligence agencies should access data, they will be required to balance the same factors as those required by the case law of the EU Court of Justice.”
Tech companies widely welcomed the deal, especially Meta, which hopes to keep Europeans’ data flowing to its American servers after the Irish privacy regulator in May invalidated its last legal resort to do so via standard contractual clauses.
“We welcome the new Data Privacy Framework, which will safeguard the goods [and] services relied on by people and businesses on both sides of the Atlantic,” said Nick Clegg, Meta’s president for global affairs.
The U.S. company previously warned that if a new data-transfer agreement was not reached before mid-October, it would have to shut down services like Facebook and Instagram in Europe. Meta is currently fighting the Irish data regulator’s decision in court in Ireland.
The European Data Protection Board (EDPB)— a pan-European network of privacy watchdogs — said the new agreement showed “substantial improvements” compared with previous pacts, but still lacked some safeguards. The European Parliament has opposed the new pact, arguing it still allowed some bulk-collection of personal data and included insufficient protections for Europeans’ privacy. (The EDPB and European Parliament’s opinions are nonbinding and can’t derail the agreement.)
A majority of EU countries also gave their formal backing last week, with 24 unknown capitals in favor and three abstaining, according to a record of the vote.
The European Commission will review the EU-U.S. Data Privacy Framework within a year and then every four years to check if the new U.S. privacy safeguards for Europeans are effective.
"There has been significant reform to U.S. law and practices when it comes to surveillance safeguards,” said Joe Jones, director of research and insights for the International Association of Privacy Professionals. “This is not a reheating of the framework that was struck down in Schrems II. But the question is: Is it good enough?"
Alfred Ng contributed reporting from New York.
This article has been updated.
"flow" - Google News
July 10, 2023 at 09:45PM
https://ift.tt/L0TcCWB
EU and US reach a deal to let data flow across the Atlantic - POLITICO Europe
"flow" - Google News
https://ift.tt/CKUO7IQ
https://ift.tt/7EpQUSX
Bagikan Berita Ini
0 Response to "EU and US reach a deal to let data flow across the Atlantic - POLITICO Europe"
Post a Comment