Security Experts:

EU, US Agree to New Internet 'Privacy Shield'

The EU and United States struck a new deal Tuesday on data transfers relied on by Facebook and Google, after Europe's top court struck down the previous pact for failing to protect users from US spying.

Dubbed "Privacy Shield", the agreement replaces the 16-year-old Safe Harbor arrangement that was ruled illegal in October in the wake of the Edward Snowden revelations on US intelligence.

Businesses on both sides of the Atlantic had expressed concerns about the legal limbo and warned of the fallout if the two sides failed to reach a new agreement, which was meant to happen by the end of January.

Privacy Shield with Europe and US Internet DataBut privacy campaigners -- in addition to mocking the pact's new name and comic-book style logo -- expressed concern that the new deal does not produce the necessary safeguards and warned the arrangement could end up back in court.

"I'm glad to announce today that we have finalised negotiations with the United States on a renewed and safe framework for transatlantic data flows," European Justice Commissioner Vera Jourova told a press conference.

She said she expected the deal to take effect in about three months.

In Washington, US Commerce Secretary Penny Pritzker said: "Beyond being central to transatlantic commerce, this deal also signals the closeness of the EU-US relationship."

In October, the European Court of Justice ruled the arrangement allowing firms to transfer European citizens' personal information to the US was "invalid" because of US snooping practices exposed by Snowden, the former intelligence contractor who leaked a hoard of National Security Agency documents.

Future legal challenges?

The case stemmed from a legal challenge brought by Austrian Internet activist and law student Max Schrems against Facebook in Ireland.

Schrems sent out a series of tweets mocking the new deal, including calling Privacy Shield a "strange name," and issued a statement that the new deal could end up back in the court in Luxembourg.

He said the deal was based only on a couple of letters from the administration of President Barack Obama, adding that it was "by no means a legal basis to guarantee the fundamental rights of 500 million European users in the long run, when there is explicit US law allowing mass surveillance."

But Brussels said the deal would protect Europeans.

"For the first time, the US has given the EU binding assurances that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms," Jourova said.

Europeans would also benefit for the first time from "redress mechanisms" if their data was illegally accessed.

Ansip stressed the new arrangement allowed for annual reviews which would allow the two sides to tackle any new threats to privacy.

The European Commission, the EU executive, said the deal gave Europeans the chance to raise any enquiry or complaint with a dedicated new watchdog.

Digital Europe -- one of the top business groups in Europe that had warned of fallout if a new deal was not swiftly agreed -- welcomed the arrangement.

But Estelle Masse, European policy analyst at campaign group Access Now, echoed Schrems' concerns.

"Since both sides failed to conduct the necessary surveillance and privacy reforms, this deal is not fit to resist future legal challenges," Masse warned. 

view counter