Another framework to safeguard EU data stored in the US has been created by the EU and US. Nonetheless, this long-standing issue remains contentious. To be clear, the friction arises from the fact that most internet operations are overseen by US companies, with the bulk of their servers located stateside. Can EU citizens’ data be transferred to the US and still be adequately protected? This has been a bone of contention, as the EU suspects that given the chance, the US security apparatus would not hesitate to pry into these data sets. On the other hand, the US government has found it difficult to dispel these fears.
In a classic bureaucratic parlance, the European Commission greenlit a ‘new adequacy decision for safe and trusted EU-US data flows’, following its assessment that the US now provides sufficient protection for EU data. It follows that this decision aims to enable a hassle-free transfer of said data devoid of legal or regulatory obstacles.
Věra Jourová, EC VP for Values and Transparency stated, “Today’s decision is the result of intense cooperation with our partners in the US, working together to ensure that Europeans’ data travels safely, wherever it goes… The new adequacy decision will provide legal certainty for businesses and will help further consolidate the EU as a powerful player in transatlantic markets, while remaining uncompromising on respecting fundamental right of Europeans for their data to be always protected.”
Didier Reynders, Commissioner for Justice, added, “Since the Schrems II decision came out years ago, I have worked tirelessly with my US counterparts to address the concerns identified by the Court of Justice, and ensure that technological advances do not come at the cost of Europeans’ trust… But as close like-minded-partners, the EU and the US could find solutions, based on their shared values, that are both lawful and workable in their respective systems.”
The insinuations by both Reynders and Jourová hint at the negation of the previous EU-US Data Protection Shield due to the efforts of Austrian privacy activist Max Schrems. The EC believes that it has adequately addressed the concerns raised by the CJEU’s rejection. However, skeptics including Schrems himself are not so certain.
Activist Max Schrems showed his skepticism as followed: “They say the definition of insanity is doing the same thing over and over again and expecting a different result… Just like ‘Privacy Shield’ the latest deal is not based on material changes, but by political interests…”
The original target of Schrems’ activism, Facebook, offered a different position.
International data flows underpin the modern economy. “We welcome the new Data Privacy Framework, which will safeguard the goods & services relied on by people and businesses on both sides of the Atlantic. Congratulations to all involved!” tweeted Nick Clegg on July 10, 2023.
When compared with public revelations from Facebook and other US tech companies about their pressure from the US security apparatus and political pressure to censor internet platforms, it’s hard to trust this latest agreement between them. The EU may want to introduce the same thing over and over again until it’s accepted, but with activists like Schrems in the mix, that may not be a viable strategy.