Europe seals data transfer pact with US limiting access by intelligence services, but a new legal challenge is expected

The European Commission announced a new data transfer pact with the United States on Monday, seeking to end the legal uncertainty plaguing thousands of companies that transfer personal data across the Atlantic.

The move was immediately criticised by non-profit group noyb, led by privacy activist Max Schrems, which said it would challenge the agreement.

The commission and the United States had been struggling to reach a new agreement after Europe’s top court annulled two previous pacts that underpinned the transfer of personal data across the Atlantic for services ranging from cloud infrastructure to payroll and banking.

The commission, the EU’s executive arm, said measures taken by the United States ensured an adequate level of protection for Europeans’ personal data transferred across the Atlantic for commercial use.

It said new binding safeguards, such as limiting US intelligence services’ access to EU data to what is “necessary and proportionate” and the establishment of a Data Protection Review Court for Europeans, address the concerns raised by Europe’s top court.

US President Joe Biden welcomed the data transfer pact and said it reflected a “joint commitment to strong data privacy protections”.

EU justice chief Didier Reynders said he was confident of fending off any legal challenge.

“The principles of the data privacy framework are solid, and I am convinced that we have made significant progress which meets the requirements of the European Court of Justice case law,” he told a news conference. “I am very confident of fighting, defending the new data agreement.”