The US and EU have agreed to a new data-sharing deal that would allow European data to be stored in the US, but privacy activists are set to challenge it.
US companies such as Facebook and Google will be allowed to operate under the EU-US data privacy framework if they comply with a detailed set of privacy obligations.
This includes erasing personal data when it is no longer necessary for the purposes for which it was collected and ensuring continuity of protection when personal data is shared with third parties. If your data is improperly processed, EU residents can rely on free, independent dispute resolution mechanisms and arbitration panels.
“The new EU-US data privacy framework will ensure secure data flows for Europeans and provide legal certainty for businesses on both sides of the Atlantic.Following the agreement in principle reached with President Biden last year, the US A new framework,” said EU President Ursula von der Leyen.
“Today, we took an important step to provide our citizens with confidence that their data is safe, deepen the economic relationship between the EU and the US, and at the same time reaffirm our shared values.”
The agreement specifically addresses concerns that European data may be shared with U.S. public authorities and law enforcement agencies. Access to data will be limited to what is “necessary and appropriate” to protect national security.
Meanwhile, individuals in the EU will have access to independent and impartial redress mechanisms in this regard, including, among other things, the newly established Data Protection Review Court (DPRC). Courts will independently investigate and resolve complaints, including the issue of binding remedies.
This agreement has been welcomed by many.
“This is a huge step forward,” said Alexandre Roule, director of public policy at the Computer and Communications Industry Association (CCIA).
“After years of waiting, we have now ensured that businesses and organizations of all sizes on both sides of the Atlantic now have a durable legal framework that enables the transfer of personal data from the EU to the US. ”
But Max Schrems, a thorn in the side of tech companies who has led challenges to previous data agreements, said he plans to appeal.
“While we now have ‘ports,’ ‘umbrellas,’ ‘shields,’ and ‘frameworks,’ there has been no substantive change in U.S. surveillance law. “It’s almost a literal copy of the original,” he says.
“Just announcing that something is ‘new,’ ‘robust,’ or ‘effective’ is not enough to submit it to a court of justice. U.S. surveillance laws would need to be amended to make this work; We don’t have that.”
Schrems has said he hopes to return to the European Court of Justice by early next year, asking the court to suspend the deal in the meantime, but that is unlikely.
Meanwhile, the European Commission has said that the agreement will be reviewed periodically, always within a year, to ensure that the necessary measures are implemented into U.S. law and are functioning properly. .
follow me twitter.
