USA and EU sign an agreement to succeed the Privacy Shield
After the invalidation of the Privacy Shield, the United States and the European Union reached an agreement in principle on the transfer of transatlantic data. Few details have leaked on this agreement which will have to withstand legal challenges.
And three. After the Safe Harbor and the Privacy Shield, both invalidated by the Court of Justice of the European Union, the United States and the EU have signed an agreement in principle on another text concerning the transfer of transatlantic data. The last agreement was postponed in 2020, leaving companies in legal uncertainty and forcing them to use standard contractual clauses (SCC).
The announcement of the agreement came during Joe Biden’s visit to Europe. During a joint statement, the American President and the President of the European Commission, Ursula von der Leyen, specified that this forthcoming text “will facilitate data flows between the EU and the United States, while preserving privacy and civil liberties”. The leader of the Brussels executive adds that “this is a new step in strengthening our partnership. We manage to strike a balance between security and the right to privacy and data protection”. For his part, the American president highlights the economic impact of such an agreement, “which helps to facilitate economic relations with the EU, worth 7,100 billion dollars”.
Progress on European appeals, pending validity
It now remains to be seen what exactly this text, which is to succeed the Privacy Shield, contains. Last February, the Politico site pointed out that the two parties had negotiated an approach which would consist in offering EU citizens the right to lodge complaints with an independent judicial body if they believe that the American national security agencies have unlawfully processed their personal information. An axis confirmed in the final report, with a two-level appeal system and the creation of a Court Review Data Protection. It is also expected that “a new set of binding rules and safeguards to limit access to data by US intelligence authorities to what is necessary and proportionate to protect national security”.
We will have to wait for the official release of the text to know a little more about this body of rules. Analysts and companies will also pay attention to the legal validity of the agreement. After two invalidations, caution is required, because it is very likely that the next text will be challenged before the Community courts. Slayer of the first two agreements, Max Schrems indicated at the end of last week, “we already had a purely political agreement in 2015 which had no legal basis. From what we hear, we could play the same game a third time now”. However, he is waiting to learn more about the proposed text in order to analyze it in depth”.