EU-US data pact set to govern future of data flows
Tue 5 Apr 2022 | Finbarr Toesland
In an agreement that is set to remove much of the uncertainty surrounding the flow of personal data between EU nations and the US, a new framework to replace the defunct EU – US Privacy Shield has been agreed in principle.
The European Court of Justice ruled in 2020 that the Privacy Shield was not compatible with the strong EU data protection laws, due in part because the system was deemed not able to provide a high enough level of privacy for EU citizens.
While this new data pact has not been fully worked out, with some minor points being left unaddressed, major tech firms, such as Facebook, have hailed the agreement as a positive move forward. Nick Clegg, president for global affairs at Meta Platforms, owner of Facebook, released a statement on Twitter saying:
“With concern growing about the global internet fragmenting, this agreement will help keep people connected and services running. It will provide invaluable certainty for American & European companies of all sizes, including Meta, who rely on transferring data quickly and safely.”
It’s not just large technology firms that will benefit from this ruling, with small and medium sized companies also finding it easier to transfer personal data. Businesses have widely welcomed this deal as it will eliminate most of the uncertainly around data sharing between these two regions.
Before this agreement was made in principle, Meta has said it may have to stop operating Instagram and Facebook inside the European Union as the legality of data flows was unclear. Google, too, released a statement though their president of global affairs, Kent Walker, who commended “the work done by the European Commission and US government to agree on a new EU-US framework and safeguard transatlantic data transfers.”
The deal has not yet been completed and will require an executive order to be created in the US and the EU must undertake a consultation with both the European Commission as well as with the European Data Protection Board.
With the US and EU economic relationship being valued at around $7.1 trillion, ensuring that personal data is able to be securely transferred between these two regions is essential for trade to be achieved without barriers being in place. It’s not just tech giants that faced uncertainty around customer data, with retailers and other digital services that move data between the US and EU needing to address this issue.
It has been reported that the US has embraced a number of privacy strengthening measures in a bid to address the concerns the European Commission had around civil liberties. A mechanism that gives citizens of the EU the ability to seek redress has been included in this new agreement and has binding authority.
Background & context
Technology companies have been lobbying for years to pass a new transatlantic data sharing policy as a result of the legal challenges they have faced due to a grey area within the law. Earlier this year, Austria’s data protection agency found that a local businesses’ use of Google Analytics breached the General Data Protection Regulation (GDPR).
However, not everyone is happy with this new development with some privacy activists already saying that this ‘patchwork’ approach does not offer substantial reform on the US side. Privacy lawyer and campaigner Max Schrems said in a tweet that he expects the bill to fall and it is an example of “Politics over law and fundamental rights.”
If Schrems doesn’t view the new agreement to meet the stringent EU law requirements, he has said he will go to the Court of Justice of the European Union (CJEU) within months through civil litigation.
Written by Finbarr Toesland Tue 5 Apr 2022