American and European Union leaders said on Friday that they had reached an “agreement in principle” to assure that it is legal to transfer personal data across the Atlantic, after a previous pact was struck down when a court found it did not do enough to shield Europeans from American surveillance programs.
President Biden said at a news conference in Brussels that the agreement included “unprecedented protections for data privacy and security for our citizens.” But the details of the new agreement were not released. A European court invalidated the previous legal framework for data transfers in part because it did not give Europeans adequate means to complain if they believed their privacy rights have been violated.
Businesses that send European Union data to American servers have pushed hard for the governments to reach a new deal. Since the last pact was struck down more than 18 months ago, regulators in European countries have said that companies cannot use certain web services, like Google Analytics and Mailchimp, because doing so could violate the privacy rights of Europeans.
Meta, the parent company of Facebook, said earlier this year it might shut down its services in Europe if the governments didn’t resolve their differences. Google’s top lawyer had urged “quick action to restore a practical framework that both protects privacy and promotes prosperity.”
The Friday announcement is the latest development in a lengthy debate about how far governments and tech companies should go to protect users’ privacy. Europe’s top court twice struck down pacts governing trans-Atlantic data flows between the United States and the European Union over concerns that the data would be exposed to American surveillance programs.
“With concern growing about the global internet fragmenting, this agreement will help keep people connected and services running,” said Nick Clegg, the president of global affairs at Meta. “It will provide invaluable certainty for American & European companies of all sizes, including Meta, who rely on transferring data quickly and safely.”
But it was unclear if the new pact would be enough to satisfy the concerns of privacy campaigners. Max Schrems, an activist whose group Noyb (as in: “none of your business”) has led efforts to invalidate the trans-Atlantic agreements, said in a statement he was skeptical of the deal and that his organization would carefully analyze the details.
“If it is not in line with E.U. law, we or another group will likely challenge it,” he said.