An agreement to ensure that information from Meta, Google and many other companies can continue to flow between the United States and the European Union was finalized on Monday, after the digital transfer of personal information between the two authorities was questioned for privacy reasons. anxiety.
The decision made by the European Commission is the last step in many years and resolves – at least for now – the debate about the ability of American intelligence agencies to access the information of citizens of the European Union. The debate pitted US national security concerns against European privacy rights.
The agreement, known as the EU-US Data Privacy Framework, gives Europeans the ability to object if they believe their data has been improperly collected by American intelligence agencies. An independent body made up of American judges, called the Data Protection Review Court, will be created to hear such complaints.
Didier Reynders, the European committee that helped negotiate the agreement with the US attorney general, Merrick B. Garland, and Commerce Secretary Gina Raimondo, called it “a strong response.” The agreement clarifies when information agencies can access personal data in the European Union and shows how Europeans can request such collection, he said.
“It’s a real change,” Reynders said in an interview. “Security is moving with data.”
President Biden responded Executive Order laying the groundwork for an agreement in October, which requires American law enforcement officials to increase security measures for the collection of digital information, including tailoring it to national security threats.
The transatlantic deal was critical for the world’s biggest technology companies and thousands of other businesses that rely on the free flow of data. The agreement replaces the agreement known as Privacy Shield, which the Supreme Court of the European Union banned in 2020 because it did not include adequate privacy protection.
The lack of agreement led to legal uncertainty. In May, the European privacy regulator pointed to a 2020 decision pay Meta billion 1.2 euros ($1.3 billion) and ordered to stop sending Facebook user information to the European Union in the United States. Meta, like many businesses, moves data from Europe to the United States, where it has its headquarters and most of its data centers.
European privacy regulators have ruled that services offered by American companies, including Google Analytics and MailChimp, may violate the privacy rights of Europeans because they transfer data to the United States.
The story began when Edward Snowden, a former US national security contractor, released details of how American surveillance equipment abroad had taken data stored by American technology and telecommunications companies. Under laws like the Foreign Intelligence Surveillance Act, US law enforcement agencies can seek information about users around the world from companies for national security purposes.
After the disclosure, Austrian privacy activist Max Schrems launched a legal challenge claiming that Facebook’s storage of data in the United States violates his European privacy rights. The European Union’s Supreme Court agreed, striking down two previous Atlantic data-sharing agreements.
On Monday, Mr. Schrems said he plans to file a second lawsuit.
“Simply declaring that something is ‘new,’ ‘strong’ or ‘effective’ cannot bring it to the Court of Justice,” Schrems said in a statement, referring to the European Union’s top court. “We need to change US surveillance laws to make that happen – and we don’t have it.”
Members of the European Parliament criticized the deal. Parliament had no direct role in the negotiations, but passed a unanimous resolution in May that said the agreement did not establish sufficient safeguards.
“The structure does not provide sufficient protection against arbitrary investigations by US intelligence agencies,” said Birgit Sippel, a European lawmaker from the Socialists and Democrats group who works on human rights. “This lack of security exposes Europeans to mass surveillance, undermining their right to privacy.”
Reynders said people should wait to test the new policy in practice.
He said the new policy will establish a way for Europeans to negotiate with the American government. First, Europeans who think that the American intelligence agency is collecting their data unfairly should complain to their country’s national security commissioner. After the review, the authorities will take the matter to the American authorities in a process that can reach a new evaluation team.
Mrs. Raimondo said this month that the Department of Justice in America established that 27 countries of the European Union have access to tools that allow them to complain about the suppression of their rights. He added that the Office of the Director of National Intelligence has confirmed that the intelligence agencies have increased the security measures established by the Biden plan.
“This represents the culmination of months of extensive cooperation between the United States and the EU and demonstrates our shared commitment to facilitate the movement of data between our jurisdictions while protecting individual rights and personal data,” said Ms. Raimondo in a recent statement.