According to Reuters, the European Union (EU) and the United States (US) have reached a new data transfer agreement. The new MoU will allow brands to freely transfer data between the two regions. A report from Europa claims that this agreement comes after a previous agreement known as the EU-US Privacy Shield. However, the report says the EU – US Privacy Shield was invalidated by the Court of Justice of the EU in 2020. Politico reported that the new agreement aims to provide legal certainty for tech firms. It also aims to end the legal uncertainty that has plagued the tech giants such as Facebook and Google for the past three years. However, Techcrunch believes that the new agreement will likely face legal issues. The report says that these issues will test if the main clash between the EU and US data protection laws is resolved.
The New Data Transfer Agreement
As a step forward from the EU – US Privacy Shield, the new data transfer pact is called the EU – US Data Privacy Framework. The European Commission (EC) announced the new data transfer pact with the United States on July 10, 2023. According to the EU, this pact also aims to foster transatlantic data flows. Europa reported that it will also take care of concerns raised by the Court of Justice of the EU in its Schrems II decision.
Europe’s top court has previously annulled two agreements backing the transatlantic transfer of personal data. It did so on grounds it could jeopardize the data security of EU citizens. This move also led the EC to reach a new agreement with the US as soon as possible to fill the loopholes in the law.
The adoption process involves getting an opinion from the European Data Protection Board. It will also need a green light from a committee composed of representatives of EU Member States. Irishtimes claims that the new privacy framework will provide guarantees for all transatlantic data transfers. This is irrespective of the mechanism used to facilitate that transfer.
Reports from the EC reveal that Europe is satisfied with the steps taken by the U.S. According to the EC, these steps ensure the protection of data that is moved from Europe to the U.S. for commercial purposes. The new agreement has some binding safeguards. One such is limiting US intelligence services’ access to EU data to the extent “necessary and appropriate”. Another is creating a data protection review court for users in Europe. These steps take care of the previous concerns raised by Europe’s top court.
EU top experts have their say
EU Justice Commissioner Didier Reynders told a news conference he was confident the agreement would stand any legal issue. He said
Gizchina News of the week
“The principles of the data privacy framework are solid and I believe we have achieved alot and significant progress has been made, thereby meeting the requirements of the ECJ case law. I am very confident in fighting and defending the new data agreement.”
However, European privacy campaigner, Max Schrems was the first to oppose the agreement, saying in a statement
“Merely announcing that something is ‘new’, ‘robust’ or ‘effective’ doesn’t solve the problem in front of the courts. We need to change US surveillance laws to make this work (keeping data safe in Europe) really work.”
Cecilia Bonefeld – Dahl, Director – General of the Digital Europe Trade Association, said:
“Data flows support the EU’s annual exports to the United States of 1 trillion euros, the new agreement will give businesses more confidence to do business and help Europe’s economy grow.”
Meta’s Fined due to data transfer from the EU to the U.S.
The EU privacy regulator announced at the end of May that it would fine Meta 1.2 billion euros. The reason for the fine is that Meta did not keep to the laws of the EU by sending user data to the U.S. The 1.2 billion euros fine is the maximum penalty for such conduct.
According to the regulator, despite the ruling of the court, Meta did not stop its EU-US data transfers. Though the regulator acknowledged that Meta did the data transfer in good faith, however, it failed to address the concerns raised by the Schrems II decision. For this reason, they had to place a huge fine on the company.
Meta’s response
In a response by Meta which was released in its News Room, the company will launch an appeal to the decision. The company stated that it will ask for a stay of orders through the court. Also, Meta believes that the fine is not only unjustified but also unnecessary. The company further claims that data transfer across borders is fundamental to how the global open internet works. It adds that without data transfer across borders, the internet risks being carved up into national and regional silos. Meta in the blog post claims that this will restrict the global economy. It also said that the implication of this is that people in different countries will not be able to access many of the shared services that Meta relies on.
Conclusion
The new EU-US Data Privacy Framework aims to provide legal certainty for tech firms and end the legal uncertainty that has plagued the tech giants such as Facebook and Google. The new agreement will provide guarantees for all transatlantic data transfers irrespective of the mechanism used to facilitate that transfer. However, the new agreement is likely to face legal challenges to test whether the fundamental clash between the EU and US data protection laws has been resolved. For sending European user data to the U.S., Meta is now facing a huge 1.2 billion euro fine. The company says it will appeal the decision of the Eu regulator in court.