A deal was finalized on Monday to ensure data from Meta, Google and dozens of other companies can continue to flow between the U.S. and the European Union after digital transfers of personal information between the two jurisdictions were stymied by privacy concerns. question. .
The decision adopted by the European Commission is the final step in a years-long process that resolves, at least for now, a dispute over the ability of U.S. intelligence agencies to access data on EU residents. The debate pits U.S. national security concerns against European privacy rights.
The agreement, known as the EU-US Data Privacy Framework, allows Europeans to object when they believe US intelligence agencies have improperly collected their personal information. A new independent review body of US judges, known as the Data Protection Review Court, will be established to hear such appeals.
EU Commissioner Didier Reynders, who helped negotiate the deal with U.S. Attorney General Merrick B. Garland and Commerce Secretary Gina Raimondo, said it was is a “robust solution”. The agreement sets out more clearly when intelligence agencies can retrieve the personal information of people in the EU and outlines how Europeans can appeal against such collection, he said.
“It’s a real change,” Mr Reedus said in an interview. “Protection travels with the data.”
President Biden laid the groundwork for the agreement with an executive order in October that required U.S. intelligence officials to add more protections to the collection of digital information, including making it commensurate with national security risks.
The transatlantic agreement is a top priority for the world’s largest technology companies and thousands of other multinational corporations that depend on the free flow of data. The agreement replaces a previous agreement called Privacy Shield, which was declared invalid by the EU’s top court in 2020 because it did not include adequate privacy protections.
The lack of agreement creates legal uncertainty. In May, a European privacy watchdog referred to the 2020 judgment, which fined Meta 1.2 billion euros ($1.3 billion) and ordered it to stop sending information about EU Facebook users to the United States. Like many businesses, Meta moves data from Europe to the US, where the company maintains its headquarters and many data centers.
Other European privacy regulators have ruled that services provided by U.S. companies, including Google Analytics and MailChimp, may violate the privacy rights of Europeans because they transmit data through the United States.
The issue dates back to when former U.S. national security contractor Edward Snowden released details of how U.S. foreign surveillance agencies exploit data stored by U.S. technology and telecommunications companies. Under laws such as the Foreign Intelligence Surveillance Act, U.S. intelligence agencies may seek to obtain data from companies about international users for national security purposes.
Following the revelations, Austrian privacy activist Max Schrems began legal action arguing that Facebook violated his European privacy rights by storing his data in the US. The EU’s top court agreed, annulling two previous transatlantic data-sharing agreements.
On Monday, Schrems said he planned to file another lawsuit.
“Merely declaring that something is ‘new’, ‘robust’ or ‘valid’ does not settle the matter before the courts,” Schrems said in a statement, referring to the EU’s highest court. “We would need to change U.S. surveillance law to make this work — and we simply haven’t done that.”
Members of the European Parliament have criticized the deal. Parliament, which played no direct role in the negotiations, passed a nonbinding resolution in May saying the deal failed to provide adequate protections.
“The framework does not provide any meaningful safeguards against indiscriminate surveillance by US intelligence agencies,” said Birgit Sippel, a European lawmaker from the Socialist and Democratic group who specializes in civil liberties issues . “The lack of protection leaves Europeans vulnerable to mass surveillance of their personal data, compromising their right to privacy.”
Redles said people should wait to test the new policy in practice.
He said the new framework would create a system through which Europeans could raise concerns with the U.S. government. First, Europeans who suspect that US intelligence agencies have unfairly collected their data must file a complaint with their national data protection watchdog. After further review, authorities will refer the matter to U.S. officials, a process that could eventually lead to a new review team.
Ms. Raimondo said this month that the US Department of Justice had provided tools for countries within the 27-nation European Union to file complaints about violations of their rights. The Office of the Director of National Intelligence has also confirmed that the intelligence community has added safeguards laid out in Biden’s order, she said.
Ms Raimondo said in a recent statement: “This represents the culmination of many months of important cooperation between the US and the EU and reflects our shared commitment to facilitate the flow of data between our respective jurisdictions while protecting individuals. rights and personal data.”
