[ad_1]
The Privacy Shield Framework logo is displayed on the smartphone screen.
Buffalo Jonchar | Soba photos | Light Rocket | Getty Images
Companies can continue moving data from the European Union to the United States as normal after the two superpowers agreed this week to a landmark data-sharing agreement.
The framework, which replaces an earlier agreement that was revoked in 2020, is a major development with implications for US tech giants, who rely on the agreement to transfer data of their European users to America.
Without their presence, these companies ran the risk of costly initiatives to process and store user data locally — or pull their businesses off the block altogether. So agreeing to the new rules will provide some relief meta And other American companies that share huge amounts of user data around the world.
However, the rules are already facing the threat of legal challenges from privacy campaigners, who are not satisfied with the level of protection the measures provide to European citizens. They say it’s not much different from an earlier framework called Privacy Shield.
CNBC presents everything you need to know about the new EU-US privacy framework, why it’s important, and its chances of success.
What is the new EU-US data privacy framework?
The new data-sharing pact, which he named EU-US data privacy frameworkaims to ensure that data flows securely between the European Union and the United States, without the need to put in place additional data protection safeguards.
in statement The European Commission, the European Union’s executive, said on Monday it had concluded that US data protection laws provide an “appropriate level of protection” for European citizens, and introduced new safeguards that limit access to EU data by US intelligence services to what is “necessary”. And only proportional.”
A new Data Protection Review Tribunal will be set up for Europeans to issue privacy complaints. It will have powers to order companies to delete users’ data if it finds that the information collected violates the new safeguards.
Why was a new data transfer agreement needed?
The data privacy framework replaces an earlier agreement, called the Privacy Shield, that allowed companies to share data of Europeans with the United States to store and process it locally in their domestic data centers.
Schrems said the NSA’s Edward Snowden revelations about US surveillance meant US data protection standards could not be trusted.
He filed a complaint against the social network Facebook which, like many other companies, was transferring his and other user data to the US, as well as the Irish Data Protection Commission, Facebook’s main regulatory authority when it comes to data privacy in Europe.
It reached the European Court of Justice, which ruled in 2015 that the then Safe Harbor Agreement, a previous mechanism for allowing European users’ data to be transferred to the US, was not valid and It did not provide adequate protection for European citizens.
It was replaced by a privacy shield, however, this was later rescinded as well.
Meanwhile, the companies relied on separate mechanisms known as standard contractual clauses to ensure they could still transmit data across the Atlantic.
These tools, too, are under threat.
The Irish DPC ruled in May that Meta’s use of SCCs to transfer personal data to the United States breached the EU’s General Data Protection Regulation. The US tech giant has been fined $1.3 billion.
why does it matter?
Multinational companies operate in different jurisdictions, and need to transfer data of their customers across borders in a secure manner and comply with data protection regulations.
American tech giants share data about their European users back home all the time. It is an integral part of the Internet being an open and interconnected platform.
But the way these tech companies handle data has come under intense scrutiny from regulators and privacy activists.
metaAnd GoogleAnd Amazon Others collect vast amounts of data about their users, which they use to inform their content recommendation algorithms and ad personalization.
There have also been countless examples of scandals surrounding misuse of people’s data by tech companies — not least of which is Meta’s improper sharing of data with Cambridge Analytica, the controversial political consultancy.
Europe has strict regulations when it comes to the processing of internet users’ data.
In 2018, the General Data Protection Regulation came into force introducing stringent requirements for organizations to ensure they handle user data safely and securely. This is a law that applies in all countries of the European Union.
On the other hand, the United States does not have a single federal data protection law that covers the privacy of all types of data.
Instead, individual US states have come up with their own data privacy regulations, with California leading.
“There has been intense regulatory and political scrutiny on data transfers between the EU and the US, so there are notable differences in the US law protection measures implemented to support the new framework,” Holger Lutz, partner at law firm Clifford Chance, told CNBC by email.
“Changes to US law have been made in parallel to strengthen the protection of personal data in the EU and the rights of EU citizens in relation to such data. These protections are not limited to the new framework – they also protect transfers of personal data between the EU and the US outside the framework work, and may be taken into account when making such transfers based on other legal instruments such as the EU Standard Contractual Clauses.”
Do you succeed?
Agreeing to a new data privacy framework means companies will now have certainty about how data will be processed across borders in the future.
Had there been no agreement, some companies might have been forced to close operations in Europe. Actually, Metta Be warned this was a risk in February 2022.
However, there are still obstacles ahead.
Schrems, the Austrian privacy activist who helped bring down the Privacy Shield, has already said he plans to launch a legal challenge to tear up the new data-sharing agreement.
Law firm Noyeb has “various options for a challenge already in the drawer,” Shrems said in a statement.
“We currently expect this to return to the Court of Justice at the beginning of next year,” Sharmus said.
“The Court of Justice can then even suspend the New Deal while it reviews its substance. For the sake of legal certainty and the rule of law, we will then have an answer as to whether or not the commission’s small improvements are sufficient.”
Privacy activists say the measures aren’t enough because US privacy laws don’t offer protections to non-US citizens, meaning people in the European Union don’t have the same level of protection.
“Whether the framework is successful will be a question of whether European courts consider personal data protection in the United States sufficient to offer basic equivalence to EU protection,” Lutz of Clifford Chance told CNBC.
“Companies will carefully consider these potential challenges in their scenario planning.”
[ad_2]
