Ursula von der Leyen, President of the European Commission revealed the big news alongside US President Joe Biden on March 25: a “ agreement in principle was found for a new framework for transatlantic data flows “. A statement expected for almost two years and the cancellation of the Privacy Shield.
Pleased that we found an agreement in principle on a new framework for transatlantic data flows.
In the same categoryNASA plans to develop a second lander with a new partner
It will enable predictable and trustworthy ???? data flows, balancing security, the right to privacy and data protection.
This is another step in strengthening our partnership. pic.twitter.com/7Y0wslR7Go
—Ursula von der Leyen (@vonderleyen) March 25, 2022
An urgently awaited Privacy Shield!
Joe Biden visiting Europe, on the sidelines of the war in Ukraine, took the opportunity to settle a deep dispute with the European Union (EU), the future Privacy Shield. This agreement, which authorized data transfers on both sides of the Atlantic, was broken in 2020 by the Court of Justice of the Union (CJEU) because it contravened the GDPR. The regulation prohibits the transfer of European personal data to a country with a lower level of data protection than the Old Continent.
Since then, the United States and Europe have been racking their brains to find a successor, the third, legally viable. Pending the outcome of negotiations, data transfers have continued with relative leniency from European regulatory authorities, but leaving companies in uncertainty.
In recent months, the pressure on the negotiators has increased. The CNIL and some of its counterparts have decided to attack Google Analytics over transatlantic data transfers. The Irish authority, however very cautious, accelerated in the Meta file on this same subject, pushing Mark Zuckerberg’s group to wave the prospect of a farewell to Europe.
GAFAM and all European and American companies transferring data between the two shores of the Atlantic can breathe a sigh of relief on March 25. Google has already welcomed Ursula von der Leyen’s statement to Techcrunch.
A few small details to settle, nothing too bad…
Be careful, however, not to declare victory too soon. At this time, no details of the deal have been provided. The technical and legal details still need to be worked out in the coming weeks.
The day before the announcements by the President of the Commission, Politico explained that an American offer submitted in February should serve as a basis. So far, Brussels has rejected all US offers, deeming them too far from European data protection standards.
The surveillance of American intelligence on European personal data, trauma of the 2013 Snowden affair, is the main stumbling block between the parties.
To convince their counterparts, the American negotiators would have made several proposals revolving around the creation of an agency under the direction of the American Department of Justice. It would be responsible, thanks to a wide investigative power, to monitor the processing of European data by intelligence. Europeans would also have the ability to challenge the collection of their data in US federal courts.
Top hearts…
These proposals, the last in particular, seem up to the challenge. However, Politico reports that a decision by the US Supreme Court in early March could upset this fragile game of legal balance. The Court has authorized the US federal government to invoke state secrecy over surveillance cases if national security is at stake.
These barriers erected between the agreement in principle and its realization encourage pessimism. Ursula von der Leyen nevertheless assured that the negotiators have reached an agreement between security and data protection. Noyb, the European data protection association created by Max Schrems, who defeated the Privacy Shield and its predecessor, Safe Harbor in 2015, remains particularly dubious.
In hot reactionMax Schrems lamented, “ It is regrettable that the EU and the US did not take advantage of this situation to reach a ‘no spying’ agreement, with basic guarantees between like-minded democracies “.
Based on the elements revealed, and in particular the refusal of the United States to reverse their surveillance laws, Noyb judged “ We do not see how this could pass the test of the CJEU. Previous agreements have failed twice in this regard “. The association has warned that it could bring down a third agreement that does not respect the GDPR before the CJEU in a few months. The next few weeks promise to be eventful on the data front.