With a tentative agreement reached Friday, the European Union and the United States won a breakthrough in their years-long dispute over the privacy of data flowing across the Atlantic, paving the way for Europeans’ personal information to be held in the United States.
President Joe Biden and European Commission President Ursula von der Leyen announced the agreement in Brussels during Biden’s European tour, which coincided with Russia’s war in Ukraine.
Business organisations applauded the move, saying it will bring comfort to thousands of companies, including internet giants like Google and Facebook, who had been concerned about their ability to send data between the United States and Europe, which has stronger data protection standards.
The accord came just hours after EU officials reached an agreement on broad new digital rules aimed at limiting the clout of large tech firms like Facebook and Google.
“Today, we’ve agreed to unprecedented safeguards for our citizens’ data privacy and security,” Biden stated. “This new agreement will strengthen the Privacy Shield framework, assist small and large businesses compete in the digital economy, and foster growth and innovation in Europe and the United States.”
“The deal will enable predictable and trustworthy data flows between the EU and the United States, respecting privacy and civil liberties,” Von der Leyen added.
According to Alexandre Roure of the tech trade association CCIA, the data includes “any information that we voluntarily submit or produce when utilising services and products online.” This includes information such as names, ID numbers, and geolocation data, as well as online identifiers such as IP addresses and emails and other data that tech companies use to target advertisements.
The agreement originates from a complaint made a decade ago by Austrian lawyer and privacy campaigner Max Schrems, who was concerned about how Facebook handled his data in light of revelations from former US National Security Agency contractor Edward Snowden concerning US government cybersnooping.
Along the way, the EU’s top court slapped down the Privacy Shield accord, which covered transatlantic data transfers, since it violated the 27-nation bloc’s tough data privacy requirements. Companies were compelled to rely on stock legal contracts to keep the transfers going, while others tried to localise data or stop them altogether.
The US and EU said in a joint statement that the agreement addresses concerns raised by the court, with the US introducing reforms to strengthen privacy and civil liberties protections “applicable to signals intelligence activities,” which refers to intelligence agencies’ collection of emails, text messages, and other electronic communications.
According to the statement, the US will implement “additional safeguards to ensure that signals surveillance actions are necessary and appropriate in the pursuit of established national security objectives.”
Because of the issue, Facebook may need to restructure its data centres to ensure that European data does not end up in the United States.
Facebook’s worldwide affairs chief, Nick Clegg, stated that the new agreement “will help keep people connected and services running.” “For American and European organisations of all sizes, like Meta, that rely on moving data fast and reliably, it will bring crucial confidence.”
Google applauded the EU and US efforts to “safeguard transatlantic data exchanges.”
Schrems predicted that the latest agreement would end up in court because his Vienna-based group, NOYB, would thoroughly examine it and dispute anything that did not comply with EU law.
“Customers and enterprises will be subjected to further years of legal uncertainty,” Schrems stated.