South China Morning Post
Advertisement
Advertisement
Cybersecurity
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
The European Union and US have reached a new agreement allowing for data transfers, but a legal challenge is expected. Photo: Reuters
TechPolicy

Europe seals data transfer pact with US limiting access by intelligence services, but a new legal challenge is expected

  • The agreement addresses the legal uncertainty plaguing thousands of companies with cross-Atlantic operations and establishes a Data Protection Review Court
  • Non-profit group noyb, which successfully challenged two previous deals, said it would mount a new challenge because ‘changes in US surveillance law’ are needed
Cybersecurity
Reuters
Reuters
Why you can trust SCMP

The European Commission announced a new data transfer pact with the United States on Monday, seeking to end the legal uncertainty plaguing thousands of companies that transfer personal data across the Atlantic.

The move was immediately criticised by non-profit group noyb, led by privacy activist Max Schrems, which said it would challenge the agreement.

The commission and the United States had been struggling to reach a new agreement after Europe’s top court annulled two previous pacts that underpinned the transfer of personal data across the Atlantic for services ranging from cloud infrastructure to payroll and banking.

Hong Kong and mainland agree to cross-border data deal after new rules in China

The commission, the EU’s executive arm, said measures taken by the United States ensured an adequate level of protection for Europeans’ personal data transferred across the Atlantic for commercial use.

It said new binding safeguards, such as limiting US intelligence services’ access to EU data to what is “necessary and proportionate” and the establishment of a Data Protection Review Court for Europeans, address the concerns raised by Europe’s top court.

US President Joe Biden welcomed the data transfer pact and said it reflected a “joint commitment to strong data privacy protections”.

EU justice chief Didier Reynders said he was confident of fending off any legal challenge.

“The principles of the data privacy framework are solid, and I am convinced that we have made significant progress which meets the requirements of the European Court of Justice case law,” he told a news conference. “I am very confident of fighting, defending the new data agreement.”

Austrian lawyer and privacy activist Max Schrems poses in Vienna on July 16, 2020. Photo: Reuters

But Schrems said the latest revision was inadequate.

“Just announcing that something is ‘new’, ‘robust’ or ‘effective’ does not cut it before the Court of Justice. We would need changes in US surveillance law to make this work,” he said in a statement.

“We have various options for a challenge already in the drawer, although we are sick and tired of this legal ping-pong. We currently expect this to be back at the Court of Justice by the beginning of next year,” Schrems added.

Lobbying group DigitalEurope, whose members include Airbus, Amazon, Apple, Ericsson, Nokia, Philips and Samsung, welcomed the deal.

“Data flows underpin the EU’s annual 1 trillion euros of service exports to the United States, and this decision will give companies more confidence to conduct business and help our economies to grow,” its director general, Cecilia Bonefeld-Dahl, said.

12:14

Snowden spy leaks shook the world, a decade later, what’s changed?

Snowden spy leaks shook the world, a decade later, what’s changed?

Earlier this year, the EU’s privacy watchdog, the European Data Protection Board, said the latest data agreement still fell short and urged the commission to do more to protect Europeans’ privacy rights.

Europe’s top court scuppered the previous two deals after challenges by Schrems because of concerns about US intelligence agencies’ accessing European citizens’ private data.

Post