U.S., EU Reach Preliminary Deal on Data Privacy

BRUSSELS – The US and the European Union have reached a preliminary agreement to allow the storage of data about Europeans on US soil, preventing a growing threat to the transatlantic operations of thousands of companies.

The deal, announced Friday by President Biden and European Commission President Ursula von der Leyen, could, if closed, solve one of the toughest unresolved issues between the two economic giants. It also allays the concerns of companies including Meta Platforms Inc. and Alphabet Inc.’s

GOOG 0.07%

Google faced increasing legal challenges related to data transfers underlying some of its operations in Europe.

At issue was the ability of companies to use US-based data centers to, for example, sell online advertisements, measure their website traffic or manage the payroll of companies in Europe.

An earlier deal allowing transatlantic data flows was deemed illegal by the EU’s highest court in 2020. That ruling marked the second time since 2015 that the Court of Justice of the EU found US safeguards for Europeans’ data insufficient. The court said the US has not provided EU citizens with effective means to challenge US government oversight of their data while in the US

The new deal, dubbed the Trans-Atlantic Data Privacy Framework, seeks to address the concerns of the EU’s Supreme Court by establishing an appeals process for EU individuals, including what the US calls an independent data protection court with binding authority to adjudicate claims and impose remedies. †

The new US data protection court, along with a commitment to limit disproportionate intelligence collection from signals, will be established via a US executive order, both EU and US officials said.

One issue in discussions in recent months, according to those briefed on the content, has been whether a mechanism implemented without an amendment to US law would satisfy the EU’s highest court.

Officials and observers on both sides of the Atlantic expect the new deal to be challenged again in court, raising some uncertainty about how long Friday’s deal will last.

Mr Biden said the “framework underscores our shared commitment to privacy, data protection and the rule of law” and would allow EU authorities “to re-authorize transatlantic data flows that will generate $7.1 trillion in economic relations with the make the EU possible.”

Apple began requiring apps to request user resale rights. Now both tech giants and small businesses say they are losing money with the new privacy policy. WSJ’s Shelby Holliday explains why those costs can be passed on to consumers. Illustration: Rafael Garcia

Ms von der Leyen said the agreement will “enable predictable and reliable data flows between the EU and the US, while safeguarding privacy and civil liberties.”

If successful, the data deal would resolve one of the last major points of contention in US-EU relations in recent years. In the past year, the two sides agreed to a truce in their protracted battle over subsidies to Airbus SE and Boeing Co.

have struck a deal to abolish US tariffs on steel and aluminum and have increasingly aligned their stances on China’s economic practices.

“Just as we did when we resolved the Boeing-Airbus dispute and lifted steel-aluminium tariffs, the United States and the EU are finding creative new approaches to bring our economies and our people closer together on shared values,” said Mr Biden, standing next to Mrs von der Leyen in Brussels.

The deal, if left in place, would be a major win for thousands of companies in a range of industries transferring data from the EU to the US, many of which have warned in securities deposits of potential disruption if forced to divert transatlantic data flows. .

Friday’s deal is especially important for major U.S. tech companies that have called on diplomats to strike a deal to prevent more cases where European privacy regulators instruct them or their customers to stop data transfers to the U.S.

In France and Austria, regulators citing the 2020 EU judge’s ruling recently ordered certain websites to stop using Alphabet’s Google Analytics service because it sends information about users’ internet addresses to the US, where the regulators say it can be requested by government agencies. Similar cases are pending in other EU countries.

Ireland’s Data Protection Commission has also completed a draft order under EU court precedent that could have compelled Meta Platforms’ Facebook to stop sending certain data about its users to servers in the US because it could get caught on monitoring requests. Meta has warned that such an order, if executed, could force it to stop offering some of its services in Europe.

But privacy advocates and experts say such injunctions are likely to pre-empt or be delayed by the new EU-U.S. agreement — at least until a new legal battle is fought — because the new framework addresses the same concerns that the EU court is in. 2020 raised.

Jay Modrall, a partner at Norton Rose Fulbright law firm in Brussels, said the deal will be “a great relief for many companies”, although he added that the deal is also likely to be challenged again.

On Friday, tech companies including Google and Meta praised the deal. The Computer & Communications Industry Association, which represents companies including Amazon.com Inc.

and Apple Inc.,

said the deal “should restore legal certainty for thousands of companies that routinely exchange commercial data between the EU and the US”

“As concerns about global internet fragmentation mount, this agreement will help keep people connected and services working,” Nick Clegg, Meta’s vice president of global affairs, said on Twitter.

Major economies, including China and India, have taken into account privacy regulations in recent years that require companies to keep data within national borders for national security and data protection reasons. In Europe, the data transfer dispute forced some US companies to similarly move data or facilities to the bloc.

While many American companies, such as Microsoft Corp.

Saying they already comply with EU privacy standards, the pending agreement will nonetheless clear the air for customers concerned about whether their personal information could be subject to scrutiny, said Julie Brill, the company’s chief privacy officer.

“This is how those bridges start to build and the confidence they need,” said Ms Brill.

The deal announced Friday is the latest attempt to bridge more than two decades of squabbling over how to balance privacy and commerce when it comes to transatlantic data flows. But while some lawyers and lobbyists in the US have expressed optimism that the new deal will pass legal scrutiny, some in Europe have said they believe a deal that doesn’t involve changes to US supervisory laws is unlikely to pass the Court of Justice of the United States. EU.

“We also had a purely ‘political deal’ in 2015, also called #PrivacyShield, but it lacked a fundamental legal basis and was dead on arrival,” said Max Schrems, the Austrian lawyer and privacy activist who led the cases that canceled two previous agreements called Safe. Harbor and Privacy Shield, said on Twitter ahead of the deal.

write to Daniel Michaels at daniel.michaels@wsj.com and Sam Schechner at sam.schechner@wsj.com

Copyright ©2022 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8

www.wsj.com

Leave a Reply

Your email address will not be published.