The European Union (EU) and the United States (US) have reached a significant agreement on a new transatlantic data-sharing framework. The European Commission announced this development on Monday, highlighting that the new pact aims to facilitate the free flow of information between the EU and the US, reducing operational risks for social media companies operating across both regions.
This decision comes three years after the EU’s highest court invalidated the Privacy Shield, a protocol that permitted US-based companies to collect and process data from EU citizens. The court ruled that the Privacy Shield failed to provide sufficient protection against unauthorized access to users’ data by US intelligence agencies. The ruling had far-reaching implications for companies like Meta (formerly Facebook) and Amazon, which heavily rely on data collection for their operations.
Following the annulment of the Privacy Shield, companies were required to comply with the EU’s data transfer policies. Earlier this year, Ireland’s Data Protection Commission imposed a record fine of $1.3 billion on Meta for its data transfers to the US, citing the company’s failure to address risks to the fundamental rights of EU citizens. Similarly, in 2021, Luxembourg’s National Commission for Data Protection fined Amazon $887 million for its handling of EU residents’ data.
The new EU-US Data Privacy Framework aims to protect companies from facing similar penalties by establishing provisions to ensure compliance. In addition to limiting US intelligence agencies’ access to overseas data, the framework introduces the creation of a Data Protection Review Court (DPRC) to independently investigate and resolve complaints, including the authority to order the deletion of data.
US companies will be required to adhere to privacy obligations, including the timely deletion of personal data when no longer necessary and implementing safeguards when sharing data with third parties.
Ursula von der Leyen, President of the European Commission, expressed confidence that the new framework will ensure secure data flows for Europeans and provide legal certainty for companies operating on both sides of the Atlantic. However, it remains to be seen whether this policy will withstand scrutiny from the EU’s court, considering that two previous attempts to establish a new framework were rejected by judges.
Nick Clegg, Meta’s President of Global Affairs, took to Twitter to welcome the new framework, emphasizing its importance in safeguarding the goods and services relied upon by individuals and businesses in both the EU and the US.