An agreement was finalized on Monday between the United States and the European Union to ensure that data from Meta, Google and several other tech companies continues to flow, as privacy concerns block the digital transfer of personal information between the two jurisdictions. was thrown into doubt. concerns.
The decision adopted by the European Commission is the final step in a years-long process and it will – at least for now – resolve the dispute about the ability of US intelligence agencies to gain access to data about EU residents. does. The debate pitted US national security concerns against European privacy rights.
The agreement, known as the EU-US Data Privacy Framework, gives Europeans the ability to object when they feel their personal information has been improperly collected by US intelligence agencies. To hear such appeals, a new independent review body made up of US judges will be created, which will be called the Data Protection Review Court.
US Attorney General, Merrick B. Didier Reynders, the European commissioner who helped negotiate the deal with Garland and Commerce Secretary Gina Raimondo, called it a “robust solution.” He added that the deal becomes more apparent when intelligence agencies are able to obtain personal information about people in the European Union and how Europeans can appeal against such collection. can do.
“It’s a real change,” Mr. Renders said in an interview. “Security is traveling with data.”
President Biden issued an executive order laying the groundwork for the deal in October, requiring US intelligence officials to add more protections to the collection of digital information, including making them proportionate to national security risks.
The trans-Atlantic agreement was a top priority for the world’s biggest technology companies and thousands of other multinational businesses that depend on the free flow of data. The deal replaces a previous agreement, known as the Privacy Shield, which was invalidated by the EU’s highest court in 2020 because it did not include enough privacy protections.
The lack of agreement had created legal uncertainty. In May, a European privacy regulator pointed to a 2020 ruling when Meta was fined 1.2 billion euros ($1.3 billion) and ordered to stop sending information about Facebook users in the EU to the United States Went. Meta, like many businesses, moves data from Europe to the United States, where it is headquartered and several of its data centers.
Other European privacy regulators have ruled that services provided by US companies, including Google Analytics and MailChimp, may violate the privacy rights of Europeans because they transfer data through the United States.
The issue comes days after former US national security contractor Edward Snowden released details on how America’s foreign surveillance system used data stored by US tech and telecommunications companies. Under laws such as the Foreign Intelligence Surveillance Act, US intelligence agencies may seek access to international users’ data from companies for national security purposes.
Following the revelations, Max Schrems, an Austrian privacy activist, launched a legal challenge, arguing that Facebook’s storage of his data in the United States violated his European privacy rights. The EU’s top court agreed, voiding two previous trans-Atlantic data-sharing agreements.
On Monday, Mr. Schrems said he planned to sue again.
Mr Schrems said in a statement referring to the EU’s top court: “Just declaring that something is ‘new’, ‘strong’ or ‘effective’ does not eliminate it before the court. ” “We would need a change in US surveillance law to make this work – and we don’t have that at all.”
Members of the European Parliament criticized the deal. Parliament had no direct role in the negotiations, but in May passed a non-binding resolution stating that the agreement failed to create adequate safeguards.
“The framework does not provide any meaningful safeguards against indiscriminate surveillance by US intelligence agencies,” said Birgit Sippel, a European legislator from the Group of Socialists and Democrats who specializes in civil liberties issues. “This lack of protection leaves Europeans’ personal data vulnerable to mass surveillance, thereby undermining their privacy rights.”
Mr Reinders said people should wait to test the new policy in practice.
He said the new framework would establish a mechanism through which Europeans could raise their concerns with the US government. First, Europeans who suspect their data is being improperly collected by a US intelligence agency must file a complaint with their national data protection regulator. After further review, officials will refer the matter to US authorities which may eventually lead to new review panels.
Ms Raimondo said this month that the US Justice Department had established that countries in the 27-nation European Union will have access to tools that allow them to complain about abuses of their rights. He said the Office of the Director of National Intelligence has also confirmed that intelligence agencies have added to the safeguards established in Mr Biden’s order.
“This represents the culmination of months of important collaboration between the United States and the European Union to facilitate data flows between our respective jurisdictions while protecting individual rights and personal data,” Ms. Raimondo said in a recent statement. reflects our shared commitment to