The European Commission today finalized its approval of the EU-US Data Privacy Framework, in the latest step in a lengthy effort to harmonize the two sets of laws and allow for cross-border data transfer, but critics say that it is likely to face the same legal challenges that have caused previous agreements to founder.
The Commission’s president, Ursula von der Leyen, said that the ratification of the framework should provide “legal certainty” to transatlantic businesses, and called the commitments “unprecedented.”
“Today we take an important step to provide trust to citizens that their data is safe, to deepen our economic ties between the EU and the US, and at the same time to reaffirm our shared values,” she said, in a statement. “It shows that by working together, we can address the most complex issues.”
Chief among criticisms of previous US-EU data-transfer agreements is the role of the US intelligence community in mass surveillance, and one prominent critic said that the latest version does not materially limit American spy agencies’ access to EU citizens’ data.
Data privacy accord will face new legal challenges
“[The t]hird attempt of the European Commission to get a stable agreement on EU-US data transfers will likely be back at the [European] Court of Justice in a matter of months,” said a statement from the European Center for Digital Rights. That group, which also refers to itself as “NOYB” (or “none of your business”), was founded in 2017 by Max Schrems, an Austrian lawyer who has been outspoken in his criticisms of US data protection rules and mass surveillance, and whose complaints were key to sinking the previous Safe Harbor and Privacy Shield programs.
Earlier attempts to reach a data-sharing accord with the US collapsed as a result of court cases in the ECJ, with a lack of truly independent oversight and opposition from the US Department of Justice to ending bulk surveillance.