The European Commission yesterday approved the new bilateral data transfer treaty with the United States, which should allow non-European companies to send data from EU citizens to their servers in US territory with guarantees of privacy protection. Brussels and Washington are confident that this agreement will be the definitive resolution of a conflict that began 8 years ago, when the Court of Justice of the European Union (CJEU) knocked down the first of the agreements, which was followed by another that was also annulled by the courts. in the year 2020.
The President of the European Commission, Ursula von der Leyen, assured that the new treaty, called the Transatlantic Data Privacy Framework, represents “an important step to give citizens confidence that their data is safe, to deepen our economic ties between the EU and US, and at the same time to reaffirm our shared values”.
Von der Leyen reached an agreement with the president of the United States, Joe Biden, in March 2022. The CJEU had terminated the two previous pacts, called Safe Harbor (2000) and Privacy Shield (2016), because the US has of a foreign intelligence surveillance law (FISA), which guarantees that only a judge can authorize government agencies to access the data of US citizens, but not in the case of foreigners.
According to the European president, in compliance with the new treaty, the United States “has launched unprecedented commitments to establish the new framework.” Among those new guarantees is that Europeans can appeal to a data protection review court if they believe their privacy has been violated.
The transatlantic flow of data is essential for the operation of numerous companies, not only technological ones, in an intercontinental trade volume that is valued at 900,000 million euros. The judicial annulment of the treaties has kept many of them in a legal limbo. Meta, for example, was fined €1.2 billion by the Irish data privacy authority last May. This explains why her new platform that intends to replace Twitter, Threads, has not yet been launched in Europe.
The main denouncer of the pacts is the Austrian Max Schrems, who yesterday announced that he will bring the new treaty before the CJEU, considering it practically a copy of the previous one. “They say that the definition of insanity is doing the same thing over and over again and expecting a different result. Like the Privacy Shield, the latest agreement is not based on material changes, but on political interests,” he stated. His organization, called noyb (lowercase, it stands for none of your business), noted that the US has not changed its law, “which means that only American people continue to have constitutional rights and cannot be subject to surveillance without warrant.
Alexandre Roure, director of public policy at the Brussels office of the Information and Communications Industry Association, whose members include Apple, Google and Meta, said yesterday that companies “finally have the certainty of a framework durable legal law that allows the transfer of personal data from the EU to the United States.