American companies doing business in Europe can breathe again after the U.S. and EU agreed to protect the privacy of data transferred across the Atlantic.
Tech giants like Google (, )Facebook (Tech30) and , Amazon (Tech30), as well as other firms, were facing a huge headache after the European Union’s top court struck down a previous data agreement, known as , Safe Harbor, last September.
Experts say that ruling was a direct consequence of revelations about indiscriminate spying made by whistleblower and former National Security Agency contractor Edward Snowden.
U.S. officials initially slammed the court and accused Europe of making “inaccurate assertions” about America’s intelligence services. But to avoid a meltdown in data transfers that would have hurt many firms, the U.S. has agreed to some of Europe’s demands.
It has given a written assurance that the access of its national security agencies to European citizens’ data will be strictly controlled.
“For the first time ever, the United States has given the EU binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards and oversight mechanisms. Also for the first time, EU citizens will benefit from redress mechanisms in this area,” the European Commission said in a statement.
The U.S. will establish an independent ombudsman to handle complaints raised by Europeans.
Thousands of companies relied on the Safe Harbor agreement when transferring sensitive data such as photos, personal information, or payslips. The bombshell ruling meant European regulators could easily have stopped them from doing that.
Businesses reacted with relief after the new “Privacy Shield” was announced on Tuesday. Myron Brilliant, vice president of the U.S. Chamber of Commerce, said the deal would allow companies to move data cross the Atlantic while “providing a high standard of data protection for citizens.”
But privacy activists were less impressed.
“A couple of letters by the outgoing Obama administration is by no means a legal basis to guarantee the fundamental rights of 500 million European users in the long run, when there is explicit U.S. law allowing mass surveillance,” said Max Schrems. He launched the legal complaint against Facebook that ultimately brought the Safe Harbor agreement down.
The “Privacy Shield” will be reviewed every year to make sure the U.S. keeps its commitment on spying. Companies that transfer data will also face fines and exclusion from the deal if they fail to comply with the rules.
Vera Jourova, the top European official in charge of data protection, said the new agreement should take effect within three months.