US, EU strike data transfer deal

US, EU strike data transfer deal
© Getty Images

European officials on Tuesday gave the final stamp of approval to a long-awaited data transfer deal between the U.S. and the European Union, allowing the agreement to go into effect after more than eight months of negotiations.

The so-called Privacy Shield is intended to allow thousands of companies — from social media to hospitality — to continue freely transferring European citizens’ data across the Atlantic.


It replaces a widely used 2000 agreement that was struck down by the European high court over privacy concerns last fall. Businesses have long feared a chilling of transatlantic trade — valued at $1 trillion in 2014 — if officials were unable to reach a deal that satisfied Europe’s stiffer privacy protections.

“We know that individuals and industry alike have faced uncertainty, but I want to assure you that all of us are committed to a smooth transition to the Privacy Shield,” Commerce Secretary Penny PritzkerPenny Sue PritzkerMichelle Obama officiated Chicago wedding: report Election Countdown: Trump plans ambitious travel schedule for midterms | Republicans blast strategy for keeping House | Poll shows Menendez race tightening | Cook Report shifts Duncan Hunter's seat after indictment Former Obama officials launch advocacy group aimed at Trump's foreign policy MORE said in remarks given early Tuesday morning.

“With the approval of the EU-U.S. Privacy Shield, we send an important message to the world: The sharing of ideas and information across borders is not only good for our businesses but also for our communities and our people."

Companies can begin signing up for the new program Aug. 1, officials said.

The inking of the deal was immediately hailed as a victory by business and tech groups in the U.S., as well as lawmakers.

“In addition to bolstering American businesses, the Privacy Shield strikes the right balance between personal privacy and public security while ensuring that cross-border data transfers between the two regions continue without interruption,” said Sen. Orrin HatchOrrin Grant HatchTrump to award Medal of Freedom to economist Arthur Laffer Trump gambles in push for drug import proposal Biden's role in Anita Hill hearings defended by witness not allowed to testify MORE (R-Utah), who co-sponsored a bill giving Europeans judicial redress for privacy violations in the U.S., which was seen as a prerequisite of the deal.

The U.S. Chamber of Commerce hailed the privacy shield as a "strong agreement."

“The Chamber welcomes the legal certainty that the Privacy Shield provides American and European companies alike when transferring data across the Atlantic,” said Myron Brilliant, the Chamber’s executive vice president and head of international affairs, in a statement.

But the fledgling deal’s future is far from certain. Many expect it will face legal challenges similar to the complaint that brought down the 2000 agreement, known as Safe Harbor. The now-defunct deal allowed U.S. firms to “self-certify” that they offered privacy protections equivalent to European law — something the high court determined was impossible because of America’s surveillance practices.

Critics say the new deal does no more to immunize Europeans from U.S. surveillance than Safe Harbor did.

“It is little more than a little upgrade to Safe Harbor, but not a new deal. It is very likely to fail again, as soon as it reaches the [European high court],” said Max Schrems, the Austrian privacy advocate whose complaint ultimately led to the invalidation of Safe Harbor. “This deal is bad for users, which will not enjoy proper privacy protections, and bad for businesses, which have to deal with a legally unstable solution.”

Pritzker sought to reassure businesses that the new deal would survive legal challenges.

“With new privacy protections in place, we are confident the Framework will withstand further scrutiny,” Pritzker said, citing a close working relationship with Europe’s 28 privacy regulators.

“Our governments are committed to ensuring that the Framework functions as intended, and through a robust annual review, that it meets the changing needs of consumers and businesses,” she continued.

The Privacy Shield will require U.S. companies to register detailed, publicly accessible privacy plans with the Federal Trade Commission (FTC). It is similar to the system of self-certification in Safe Harbor but features some restrictions on America's use of bulk surveillance.

Critics dismiss the changes as minimal and question whether problems with the earlier deal would really be solved. 

FTC Chairwoman Edith Ramirez on Tuesday insisted her agency would be up to the task of protecting EU citizens’ privacy.

“The FTC has a strong track record of protecting consumer privacy, and we will remain vigilant as we enforce the new framework,” she said in a written statement.

— Joe Uchill contributed.