The European Union (EU) recently sanctioned a significant plan that will permit companies to continue storing data about EU citizens on American servers, thereby sidestepping a potentially high-priced interruption in transatlantic data flows. The agreement, revealed on Monday by the European Commission, the EU’s executive body, is the culmination of protracted negotiations with the United States about data transfers.
Thousands of companies across multiple industries use these data transfers for various operations such as marketing through online ads and website traffic analytics. This issue has been a major concern for leading tech giants like Meta Platforms and Alphabet’s Google. These companies, which depend on data transfers for their European operations, have been grappling with legal challenges.
The newly ratified agreement, named the Trans-Atlantic Data Privacy Framework, will nevertheless face opposition from European privacy advocates. Critics have consistently argued that substantial modifications to U.S. surveillance laws are necessary.
Questions about data transfers from Europe to the U.S. emerged after a 2020 ruling by an EU court. The court declared a prior deal permitting trans-Atlantic data flows illegal, stating that the U.S. did not provide EU citizens with an effective means to contest the surveillance of their data by the U.S. government.
Earlier this year, EU privacy regulators imposed a hefty fine on Meta amounting to 1.2 billion euros (equivalent to $1.3 billion) for storing data of European users on American servers. The company was also instructed to halt data transfers about Facebook’s European users to the U.S. and erase already transferred data unless a new legal framework allowed it.
The recent deal offers Meta a lifeline, averting the necessity to delete data and suspend flows, although the fine is expected to still apply. Meta announced plans to contest the EU privacy ruling, but the company welcomed the data flow agreement all the same.
In a statement, Meta declared that the agreement would secure the goods and services that people and businesses on both sides of the Atlantic rely on. The Computer & Communications Industry Association, representing corporations including Amazon and Google, added that the deal provides companies with legal certainty for trans-Atlantic personal data transfers.
Taking immediate effect, this agreement follows a preliminary data privacy consensus reached between Brussels and Washington last year. As part of the deal, the U.S. is required to establish a court empowered to handle EU individuals’ complaints and impose remedies for U.S. law violations. President Biden, last year, had announced the creation of the Data Protection Review Court.
Complaints will initially be examined by a civil liberties protection officer in the U.S. and may be subject to further scrutiny at the data protection court. Additionally, the U.S. has pledged to restrict the collection of signals intelligence, an aspect of electronic communication interception.
President Biden affirmed that the agreement represents a shared commitment to data privacy, which will catalyze greater economic opportunities in both the U.S. and Europe. Echoing this sentiment, EU Justice Commissioner Didier Reynders stated, “Personal data can now flow freely and safely,” expressing confidence in the Commission’s ability to defend the agreement against legal challenges.
However, the agreement’s future might be in jeopardy as it faces possible challenges. Privacy activist Max Schrems, who previously led legal battles against the earlier agreements Safe Harbor and Privacy Shield, is planning to contest this latest deal. Schrems argues that U.S. surveillance law must change for this agreement to function properly.
American businesses can now store European client data stateside, opening new possibilities for client interaction and storage options. Before, operating with European clients in any capacity was mired in potential issues and red tape, but now that the deal lessens these problems, there will be an influx of new data storage and IT options for European clients.
While this poses some issues for the US government around data surveillance, it’s a step forward for IT businesses and could lead to even more productive deals in the future that open the doors to closer and more consistent interaction and trust between American and European businesses.