European officials approved a new agreement on Tuesday that will allow some of the world’s largest companies, including Google and General Electric, to move digital information freely between the European Union and the United States.
The pact, known as the E.U.-U.S. Privacy Shield, comes after months of political wrangling. It is aimed at allowing online data — from social media posts and search queries to information about workers’ pensions and payroll — to be transferred across the Atlantic. The agreement also provides extra privacy protections for European citizens when their information is moved to the United States.
Here’s a primer on what was announced, what happens next and how it might affect you.
What is the Privacy Shield and why does it matter?
The pact allows more than 4,000 companies that have registered with the Department of Commerce to transfer data between Europe and the United States. The new deal became necessary after Europe’s highest court ruled last year that the previous one — known as Safe Harbor — was invalid because it did not sufficiently protect Europeans’ privacy rights.
These digital data transfers are vital for many businesses, particularly technology companies like Facebook, which rely on moving information quickly between regions to power their online advertising businesses. As much as $260 billion of trans-Atlantic commerce depends on the Privacy Shield, according to industry estimates, so politicians were under pressure to reach an agreement.
What are the main points?
The pact bolsters privacy guarantees for anyone living in Europe — but not for people in the United States — when their data is shifted across the Atlantic. Many Europeans fear that their information might be used inappropriately by the United States government, including its intelligence agencies, and by companies.
The new safeguards include a greater say for Europeans on how their information is used, the right to go to American courts when people think companies or the United States government may have misused their data, and written guarantees from American officials that government agencies will not indiscriminately collect and monitor Europeans’ data without cause.
A new position has been created in the State Department to handle European complaints that American intelligence agencies or other government departments may have unfairly collected and used people’s digital data.
Why are Europeans so afraid of the United States government?
Call it the Snowden factor. After the former National Security Agency contractor Edward J. Snowden revealed in 2013 that American intelligence agencies were actively spying on people worldwide, including in Europe, the region’s population, policy makers and lawmakers were up in arms. Since the revelations, multiple legal cases have been filed across Europe, particularly involving United States tech companies caught up in the scandal, in an attempt to rein in these activities.
Much of the wrangling over the Privacy Shield has focused on data protection safeguards in Europe — where privacy is viewed as a fundamental right on a par with freedom of expression — that are not fully replicated in the United States. American officials say the United States Constitution and various laws provide essentially equivalent privacy rights to Americans and foreign nationals. But European officials have nevertheless fought to guarantee a high level of privacy protection for their citizens when digital information is transferred.
Is everyone happy with the Privacy Shield?
American and European officials say the pact goes further than the previous deal, ensuring that Europe’s tough privacy rules are respected and replicated when data is moved to the United States.
But privacy campaigners and some European national data protection watchdogs are not so sure. Earlier this year, the region’s regulators called for changes to the provisional deal, saying Europeans’ rights were still not sufficiently protected.
And despite further revisions, some think the deal still does not go far enough. Legal challenges are already being prepared, and the European Court of Justice — the same court that overturned the previous trans-Atlantic data transfer deal — is likely to review the Privacy Shield to see if it meets European standards.
Where does that leave us?
It remains unclear whether Europe’s highest court could eventually overturn the pact, but legal experts say the case, if filed, would not be heard until late 2017 at the earliest. In the meantime, companies are spending tens of millions of dollars to ensure that their data protection rules meet Privacy Shield standards, and privacy groups are searching for test cases to use in their efforts to overturn the new agreement. (Filings are expected within months.)
In the face of this uncertainty, the credibility of American and European officials is on the line. The European Commission, the executive arm of the European Union, and the United States Department of Commerce spent years negotiating the new deal. If it were eventually overturned in court, few companies or privacy experts would have faith that either side could do any better the next time around.
“There always will be criticism because we don’t have an equivalent legal system with the U.S.,” Vera Jourova, the European Justice commissioner who negotiated the Privacy Shield, said in an interview.
“I’m looking at the practical positive impact that Privacy Shield will have,” she added. “I’m not focused on what may happen with legal challenges.”
Continue reading the main story