Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Europe signs off on a new privacy pact that allows people's data to keep flowing to US

The European Union has signed off on a new agreement over the privacy of people’s personal information that gets pinged across the Atlantic, aiming to ease concerns about electronic spying by American intelligence agencies

Kelvin Chan
Monday 10 July 2023 17:07 BST
Britain US Biden
Britain US Biden (Copyright 2023 The Associated Press. All rights reserved)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The European Union signed off Monday on a new agreement over the privacy of people's personal information that gets pinged across the Atlantic, aiming to ease European concerns about electronic spying by American intelligence agencies.

The EU-U.S. Data Privacy Framework has an adequate level of protection for personal data, the EU’s executive commission said. That means it's comparable to the 27-nation's own stringent data protection standards, so companies can use it to move information from Europe to the United States without adding extra security.

U.S. President Joe Biden signed an executive order in October to implement the deal after reaching a preliminary agreement with European Commission President Ursula von der Leyen. Washington and Brussels made an effort to resolve their yearslong battle over the safety of EU citizens’ data that tech companies store in the U.S. after two earlier data transfer agreements were thrown out.

“Personal data can now flow freely and safely from the European Economic Area to the United States without any further conditions or authorizations,” EU Justice Commissioner Didier Reynders said at a press briefing in Brussels.

Washington and Brussels long have clashed over differences between the EU’s stringent data privacy rules and the comparatively lax regime in the U.S., which lacks a federal privacy law. That created uncertainty for tech giants including Google and Facebook parent Meta, raising the prospect that U.S. tech firms might need to keep European data that is used for targeted ads out of the United States.

The European privacy campaigner who triggered legal challenges over the practice, however, dismissed the latest deal. Max Schrems said the new agreement failed to resolve core issues and vowed to challenge it to the EU’s top court.

Schrems kicked off the legal saga by filing a complaint about the handling of his Facebook data after whistleblower Edward Snowden's revelations a decade ago about how the U.S. government eavesdropped on people's online data and communications.

Calling the new agreement a copy of the previous one, Schrems said his Vienna-based group, NOYB, was readying a legal challenge and expected the case to be back in the European Court of Justice by the end of the year.

“Just announcing that something is ‘new’, ‘robust’ or ‘effective’ does not cut it before the Court of Justice,” Schrems said. “We would need changes in U.S. surveillance law to make this work — and we simply don’t have it.”

The framework, which takes effect Tuesday, promises strengthened safeguards against data collection abuses and provides multiple avenues for redress.

Under the deal, U.S. intelligence agencies' access to data is limited to what's “necessary and proportionate" to protect national security.

Europeans who suspect U.S. authorities have accessed their data will be able to complain to a new Data Protection Review Court, made up of judges appointed from outside the U.S. government. The threshold to file a complaint will be “very low" and won't require people to prove their data has been accessed, Reynders said.

Business groups welcomed the decision, which clears a legal path for companies to continue cross-border data flows.

In an echo of Schrems' original complaint, Meta Platforms was hit in May with a record $1.3 billion EU privacy fine for relying on legal tools deemed invalid to transfer data across the Atlantic.

Meta had warned in its latest earnings report that without a legal basis for data transfers, it would be forced to stop offering its products and services in Europe, “which would materially and adversely affect our business, financial condition, and results of operations.”

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in