A long awaited U.S. and E.U. data transfer agreement was complete on Monday. The U.S. and E.U. data protection agreement ends legal uncertainty for Meta, Google and scores of companies at least for now.
U.S. and E.U. data privacy deal to ensure that data from Meta, Google and scores of other companies can continue flowing between the United States and the European Union was completed on Monday, after the digital transfer of personal information between the two jurisdictions had been thrown into doubt because of privacy concerns.
E.U. U.S. data transfer agreement
The decision adopted by the European Commission is the final step in years’ long process and resolves, at least for now, a dispute about American intelligence agencies’ ability to gain access to data about European Union residents. The debate pitted U.S. national security concerns against European privacy rights.
The accord, known as the E.U. U.S. Data Privacy Framework, gives Europeans the ability to object when they believe their personal information has been collected improperly by American intelligence agencies. EU US data sharing should be done properly. An independent review body made up of American judges, called the Data Protection Review Court, is to be created to hear such appeals.
Didier Reynders, the European commissioner called it a “robust solution.” The U.S. E.U. data privacy deal sets out more clearly when intelligence agencies are able to retrieve personal information about people in the European Union and outlines how Europeans can appeal such collection, he said.
“It’s a real change,” Mr. Reynders said in an interview. “Protection is traveling with the data.”
Data sharing
President Biden issued an executive order laying the groundwork for the E.U. U.S. data transfer agreement in October, requiring American intelligence officials to add more protections for the collection of digital information, including by making them proportionate to the national security risks.
The E.U. and U.S. data transfer agreement was a top priority for the world’s biggest technology companies and thousands of other multinational businesses that rely on the free flow of data. The U.S. E.U. data privacy deal replaces an accord known as Privacy Shield, which the European Union’s highest court invalidated in 2020 because it did not include enough privacy protections.
The lack of an U.S. E.U. data protection agreement had created legal uncertainty. In May, a European privacy regulator pointed to the 2020 judgment when fining Meta 1.2 billion euros ($1.3 billion) and ordering it to stop sending information about Facebook users in the European Union to the United States. Meta, like many businesses, moves data from Europe to the United States, where it has its headquarters and many of its data centers.
Other European privacy regulators ruled that services provided by American companies, including Google Analytics and MailChimp, could violate Europeans’ privacy rights because they moved data through the United States.
The issue traces back to when Edward Snowden, a former U.S. national security contractor, released details of how America’s foreign surveillance apparatus tapped into data stored by American tech and telecommunications companies.
Members of the European Parliament criticized the U.S. E.U. data transfer agreement. The Parliament had no direct role in the negotiations, but passed a nonbinding resolution in May that said the U.S. E.U. data transfer agreement failed to create adequate protection.
New framework
Mr. Reynders said the new framework would establish a system through which Europeans could raise concerns with the American government.
Commerce Secretary Gina Raimondo said this month that the U.S. Department of Justice had established that the European Union’s 27 countries would have access to the tools that allowed them to complain about abuses of their rights.
