The EU is now close to finalizing a new data-sharing agreement with the US to replace the Privacy Shield.
A new framework for transatlantic data transfer and storage has been agreed in principle by EU and US leaders, potentially ending a long debate on how companies can move data between these jurisdictions.
Commission President Ursula von der Leyen tweeted today (March 25) that a “deal in principle” has been reached for data flows with the US after talks with President Joe Biden, who is on an official visit to Brussels this week.
The new deal, a draft of which has not yet been released, will “enable predictable and reliable data flows between the EU and the US, balancing security, the right to privacy and data protection,” said von der Leyen.
It’s not the first time a deal has been struck about data sharing and storage. Privacy Shield, a data privacy tool that enabled the transfer of European data to US companies, was quashed in 2020 by the European Court of Justice (ECJ) in the Schrems II case.
Privacy Shield was an attempt to improve a previous agreement, Safe Harbor, which was dismantled after complaints from Austrian privacy lawyer Max Schrems.
The Schrems II case said that transfers of personal data from the EU can only take place if there is an adequate level of protection. The EU does not consider data protection in the US adequate, so data transfers can only take place through mechanisms such as the standard contractual clauses used by companies including Google and Facebook.
Meta threatened to take Facebook and Instagram off the European market last month if new regulations surrounding EU-US data transfers fail to materialize soon after the Irish Data Protection Commission proposed that the company use standard contractual clauses regarding European user data. comply with the GDPR.
While still waiting for the full text, Schrems has expressed disappointment at today’s announcement. A response to his campaign website, NYOB, leads with an image of a pig wearing lipstick and calls the new deal “Privacy Shield 2.0.”
Looks like we’re doing another one #PrivacyShield especially in one respect: politics over law and fundamental rights.
This has failed twice before. What we are hearing is a different “patchwork” approach, but no substantial reform on the part of the US. Let’s wait for a text but my first guess is it will fail again. https://t.co/y6RFUyB8eG
— Max Schrems 🇪🇺 (@maxschrems) March 25, 2022
The group said that because it was just a political announcement with no text to analyze, they believe that “no such text exists yet” and suggested that lawyers should not yet find solutions to the problems facing the ECJ in 2020 were raised.
“What NYOB is hearing is that the US has no intention of changing its surveillance laws, just providing reassurance to the executive. It’s unclear how this would remotely pass the ECJ’s test,” the group wrote. “Previous agreements have failed twice in this regard.”
The main concern is that if the US doesn’t change its surveillance laws, allowing federal agencies to ask companies to submit data for national security reasons, EU citizens’ data will be at risk when transferred and stored on US servers.
“It is regrettable that the EU and the US have not used this situation to reach a ‘no espionage’ agreement, with basic guarantees between like-minded democracies. Customers and businesses face more years of legal uncertainty,” added Schrems.
EU officials and business leaders are more optimistic about the deal. Didier Reynders, EU chief of justice, said the agreement “further strengthens our alliance and economic ties and protects citizens’ fundamental rights”.
Belgian MEP Tom Vandenkdelaere said the deal will provide “legal certainty after two years of legal uncertainty” for companies. “I expect the agreement to contain enough fundamental rights safeguards to stand the test of time,” he said tweeted†
Meanwhile, Meta’s new president of global affairs also came forward in support of the deal after criticizing the EU last month for failing to reach an agreement on an issue that hurt data-driven businesses “just as we seek recovery from Covid-19”.
“As concerns about global internet fragmentation mount, this agreement will help people stay connected and services running,” Nick Clegg tweeted Today.
“It will provide invaluable security for US and European companies of all sizes, including Meta, who rely on fast and secure transfers of data.”
10 things to know straight to your inbox every weekday. Sign up for the Daily Brief, the overview of essential sci-tech news in Silicon Republic.