The European Commission and the United States announced a new Transatlantic Data Privacy Framework this weekend, hinting that clarification may be forthcoming about which data flows are allowed after a European court overturned the EU-US Privacy Shield a year and a half ago. .
The Privacy Shield Agreement laid down the conditions for transatlantic transfers of personal data. However, the agreement was rescinded after the European Court of Justice found that US laws did not provide enough data protection safeguards to meet European standards, leading to legal uncertainty about which data flows are allowed.
The legal uncertainty has led European regulators to issue injunctions against flows of personal data through products like Google Analytics in recent months.
Meanwhile, Meta “threatened” to withdraw its services from Europe if governments failed to agree on a new EU-US framework for transatlantic data transfers. The company eventually withdrew from his comments, but remained steadfast in its call for the creation of a new framework.
According to a White House fact sheet, the US government will implement reforms under the new Trans-Atlantic Data Privacy Framework to better protect EU citizens’ personal data, such as allowing these citizens to seek redress from a newly created , independent Data Protection Framework. Review Court that will have “full jurisdiction” to review claims and take corrective action if necessary.
The US administration will also ensure that intelligence gathering from signals is only necessary to achieve legitimate national security objectives, and that it does not disproportionately impact the protection of privacy and civil liberties under of the framework.
“The new framework marks an unprecedented commitment on the U.S. side to implement reforms that will strengthen the protections of privacy and civil liberties applicable to U.S. signal intelligence activities,” the European Commission said. US government in a joint statement.
With the US committing to these undisclosed reforms, citizens and businesses on both sides of the Atlantic will be able to continue their existing data flows between the EU and the US, which companies like Google have already touted.
“We look forward to certifying our processes under the Trans-Atlantic Data Privacy Framework at the earliest opportunity. For Google, these (and similar) standards serve as a floor, not a ceiling, for the protection we provide to our users and customers. offer,” Google VP of public policy Karan Bhatia said.
Max Schrems, the privacy attorney who filed the lawsuit that culminated in the withdrawal of the Privacy Shield agreement, was skeptical of the new framework, details of which have yet to be released.
“Looks like we’re doing another privacy shield, especially in one respect: politics above law and fundamental rights,” Schrems said† “This has failed twice before. What we heard is a different ‘patchwork’ approach, but no substantial reform on the American side. Let’s wait for a text, but my [first] bet it will fail again.”