The EU and the US establish a new agreement on privacy to allow the transfer of data

The European Commission has announced a new agreement on the data privacy framework between the European Union and the United Stateswhich will guarantee that the transfer of data between both powers is carried out safely and respecting the privacy of users.

ursula von der Leyen, President of the European Commission, stated the following: “The new EU-US data privacy framework. USA guarantee secure data flows for Europeans and will provide legal certainty for companies on both sides of the Atlantic.

Following the agreement in principle that I reached with President Biden last year, The US has implemented unprecedented commitments to set the new frame. Today we take an important step to give citizens the confidence that their data is secure, to deepen our economic ties between the EU and the US, and at the same time to reaffirm our shared values. It shows that, working together, we can tackle the most complex problems.”

In addition, this new framework will be reviewed periodically by the European Commission, representatives of the European data protection authorities and competent US authorities,” in order to verify that all relevant elements have been fully implemented in the US legal framework and function effectively in the practice”. The first review will take place one year after its entry into force.

The end of the veto on the transfer of data to both sides of the Atlantic

The American country had ceased to be considered a “safe European data port” when, in July 2020, the Court of Justice of the European Union (CJEU) knocked down the Privacy Shield. This was the previous regulatory framework that dealt with the transfer of data across the Atlantic, and since its invalidation, the transfer of data has been illegal.

Now, as confirmed in the statement from the European Commission: “On the basis of the new adequacy decision, personal data can flow securely from the EU to US companies participating in the Frameworkwithout having to establish additional data protection safeguards«.

What innovations does the new framework introduce?

This new bilateral data transfer agreement has added new binding guarantees to cover all the concerns that the CJEU had previously raised.

An example is the limitation of access to EU data by US intelligence services. Only being able to access in necessary, proportionate and justified cases, otherwise they must delete said data and may risk the application of criminal and national security law.

On the other hand would be the establishment of a Data Protection Review Tribunal (DPRC), which can be accessed by citizens of the European Union. So that they have access to remedies if US companies mishandle their data. including so independent and free resolution mechanisms and an arbitration panel.

Added to this, this new framework introduces improvements over the old Privacy Shield. For example, if the DPRC determines that the data was collected in violation of the new safeguards, it may order the deletion of the data. The new safeguards in the field of government access to data will complement the obligations that US companies that import data from the EU will have to subscribe to.

For their part, the US companies will be able to join the EU-US data privacy framework. if they commit to comply with a detailed set of privacy obligations. “For example, the requirement to delete personal data when it is no longer necessary for the purpose for which it was collected, and to ensure continuity of protection when personal data is shared with third parties.”

Good news for Meta and other companies

With the approval of this new regulatory framework, the situation regarding the management and transfer of data of many companies is softened. And it is that in recent years, the non-existence of regulations in this regard had played against companies such as, for example, Goal.

In May of this year, the EU imposed a fine of 1,200 million euros on the technology giant for the transfer of user data from Facebook to the US, in breach of the provisions of the General Data Protection Regulation (RGPD).

Photo: Depositphotos

Stay informed of the most relevant news on our Telegram channel