Privacy Shield 2.0: The European Union and the United States of America agree a new data sharing agreement

Personal data should be able to flow more easily again between the EU and the USA. European Commission President Ursula von der Leyen (CDU) announced a new approach to data sharing after a summit meeting with US President Biden. After meeting with her colleague in the US, von der Leyen said she was very pleased “that we have reached a basic agreement on a new framework for transatlantic data traffic”.

A new agreement that will enable “reliable and trustworthy” data flows that protect privacy and civil rights, von der Leyen confirmed. Biden was ‘proud’ of ‘Another great hack’ in data movement. Senior politicians did not provide any details.

No new draft yet

Apparently, there is no draft of a new legal framework agreement. Another “Data Protection Shield” requirement is high: In the summer of 2020, the European Court of Justice (ECJ) declared the Transatlantic Privacy Shield, so one of the most important rules for transferring customer data to the United States is invalid by the Shrems 2 ruling.

Luxembourg judges once again found that US laws such as the Foreign Intelligence Surveillance Act (FISA) or the Cloud Act allow for mass surveillance by security authorities and that US data protection standards are therefore incompatible with EU standards. In 2015, Austrian activist Max Schrems had already struck down the previous “safe harbor” agreement before the European Court of Justice. Without fundamental US reforms, a third attempt is unlikely to be sufficient to ensure adequate data protection for EU citizens.

Shrems doubts von der Leyen’s declaration: “We already had a purely political agreement in 2015 that had absolutely no legal basis,” The lawyer confirms. “As it is now, we can play the same game a third time.” The deal appears to be a symbolic move that “does not have the support of experts in Brussels because the United States has not acted.”

No concessions from the United States

According to information from the data protection organization Noyb, which Schrems founded, the United States is “not planning any changes in its surveillance laws, only assurances from the executive branch” on the relevant orders. These will have “no external influence and cannot be sued”. The real solution such as a “no-espionage agreement” with “fundamental guarantees among like-minded democracies” is not yet clear. Customers and businesses were threatened with “more years of legal uncertainty”.

was the past According to observers One US Supreme Court decision Increases the difficulties with Privacy Shield 2.0. Supreme Court justices give the US government more freedom to invoke “state secrets” in espionage cases. US and European citizens alike will find it more difficult to challenge covert surveillance by US security agencies before domestic courts.

The new agreement eventually requires an executive decision by the EU Commission, which will first have to be scrutinized by the European Data Protection Board (EDPB). This process can only be started after a draft of such legal act is available. Thus, the actual “appropriateness decision” by the Brussels government institution should take at least a few more months. Until then, companies cannot rely on pure advertising to transfer data to the United States in a legally compliant manner.

(vbr)