Data from Meta, Google and many other tech companies can continue to flow between the United States and the European Union, even though privacy concerns have cast doubt on the digital transfer of personal information between the United States and the European Union. An agreement to do so was signed on Monday. concern.
The decision, adopted by the European Commission, is the final step in a multi-year process that settles, at least for now, the dispute over whether US intelligence agencies have access to data on European Union residents. The debate contested US national security concerns and European privacy rights.
Known as the EU-U.S. Data Privacy Framework, the agreement allows Europeans to challenge if they believe their personal information has been wrongfully collected by U.S. intelligence agencies. A new independent review body of U.S. judges, called the Data Protection Review Court, will be set up to hear these appeals.
European Commissioner Didier Reinders, who helped negotiate the deal with US Attorney General Merrick B. Garland and Commerce Secretary Gina Raimond, called it a “robust solution.” The agreement, he said, provides more clarity about when intelligence agencies can obtain personal information about people in the European Union and how European countries can object to such collection. It also outlines whether a complaint can be filed.
“This is a real change,” Lainders said in an interview. “Protection travels with the data.”
In October, President Biden issued an executive order laying the groundwork for the agreement, calling on U.S. intelligence agencies to increase protections for digital intelligence collection, including commensurate with national security risks. .
The Transatlantic Agreement has been a top priority for the world’s largest technology companies and thousands of other multinational corporations that rely on the free flow of data. The agreement replaces an earlier agreement known as the Privacy Shield, which was revoked by the Supreme Court of the European Union in 2020 because it did not include adequate privacy protections.
The lack of agreement created legal uncertainty. European privacy regulators fined Meta €1.2 billion ($1.3 billion) in May, pointing to a 2020 ruling ordering it to stop sending information about Facebook users in the European Union to the United States. bottom. Like many companies, Meta is moving data from Europe to the US, where it has its headquarters and many data centers.
Other European privacy regulators have ruled that services provided by US companies such as Google Analytics and MailChimp may violate Europeans’ privacy rights because they move data through the US. got down.
The issue dates back to former U.S. national security contractor Edward Snowden releasing details of how U.S. foreign surveillance equipment used data stored by U.S. tech and telecommunications companies. . Under laws such as the Foreign Intelligence Surveillance Act, U.S. intelligence agencies may seek access to data about foreign users from companies for national security purposes.
Following the revelations, Austrian privacy activist Max Schrems launched a legal challenge, claiming Facebook’s storage of data in the United States violated European privacy rights. The European Union’s Supreme Court agreed, nullifying two previous transatlantic data-sharing agreements.
On Monday, Mr. Schrems said he plans to sue again.
Schrems said in a statement, referring to the Supreme Court of the European Union, that “just stating that something is ‘new’, ‘robust’ and ‘effective’ cannot be submitted to the Court of Justice.” Stated. “For this to work, changes to US surveillance laws are required, and we have none of that.”
Members of the European Parliament criticized the deal. Congress had no direct role in the negotiations, but passed a non-binding resolution in May saying the deal had failed to create adequate protection.
“The framework does not provide meaningful safeguards against indiscriminate surveillance carried out by US intelligence services,” said European MP Birgit Schippel of the Social Democratic group dedicated to civil liberties issues. “This lack of protection makes Europeans’ personal data vulnerable to mass surveillance and undermines their right to privacy.”
Lainders said people should wait to actually test the new policy.
He said the new framework would establish a system for European countries to voice their concerns to the U.S. government. First, Europeans who suspect that their data has been unfairly collected by US intelligence agencies must file a complaint with their country’s data protection regulator. After further review, the agency plans to turn the matter over to U.S. officials in a process that could eventually lead to a new review panel.
Raimond said earlier this month the U.S. Department of Justice established a tool to allow 27 European Union member states to file complaints about rights violations. He said the Office of the Director of National Intelligence has also confirmed that intelligence agencies have added the security measures mandated by Biden’s orders.
In a recent statement, Raimond said, “This is the culmination of several months of significant cooperation between the United States and the EU to protect individual rights and personal data while facilitating data flows between their respective jurisdictions. It reflects our common commitment to
