The European Union on Tuesday launched a controversial deal with the United States aimed at curbing government spying on the personal internet information of European citizens.
The deal replaces one struck down by the EU’s top court in October, a decision which left firms like Google and Facebook in legal limbo over whether they could transfer data to their US headquarters.
The court struck down that deal based on an Austrian activist’s case against Facebook in Ireland, and its judgment cited US snooping practices exposed by former intelligence contractor Edward Snowden.
“The EU-US Privacy Shield is a robust new system to protect the personal data of Europeans and ensure legal certainty for businesses,” said EU Justice Commissioner Vera Jourova, launching the deal with US Commerce Secretary Penny Pritzker in Brussels.
The deal will take effect within hours once EU member states are formally notified, European officials told AFP.
“The approval of the privacy deal is a milestone for privacy at a time when the sharing of data is driving growth in every sector,” Pritzker told a press conference with Jourova.
The deal will “facilitate more trade across our borders, more collaboration across the Atlantic and more job creating investments in our communities,” Pritzker said.
Jourova insisted the deal offers the “highest standards” to protect the personal data of EU citizens.
But critics say it amounts to “a little upgrade” over the previous arrangement, called Safe Harbour.
Austrian internet activist Max Schrems, who brought the original case against Facebook, said the new deal was likely to face fresh legal challenges.
Bad for users
“This deal is bad for users,” Schrems said in a statement on Tuesday, adding that it was the result of pressure from Washington.
The old agreement effectively meant that Europe treated the United States as a safe destination for Internet data on the basis that Brussels and Washington adhered to similar standards.
Safe Harbor was declared “invalid” by the European Court of Justice, citing National Security Agency documents leaked by Snowden in 2013.
Top US companies including Facebook, Google and Microsoft in particular have been eager to end the legal void, because they transfer data from their European subsidiaries to their headquarters in the United States.
The deal includes commitments by the US to limit the use of bulk-collected intelligence, the appointment of a US ombudsman to deal with complaints by European citizens, and fines for firms that do not comply.
The deal will also be subject to an annual review.
But activists and European lawmakers are highly critical. They call the deal still highly deficient in terms of protection from US government access to data, as well as safeguards from bulk data collection.
The European Parliament in May asked the EU to continue negotiating with the United States for a better deal.
It said the proposed US ombudsman to deal with complaints by European citizens would neither be “sufficiently independent” nor have enough powers to act.
But Markus Beyrer, director general of Brussels-based BusinessEurope, said the deal “will enhance legal certainty for thousands of businesses on both sides of the Atlantic while providing an adequate level of protection for citizens’ data.”
The members of Industry group DIGITALEUROPE are “ready to begin the re-certification process” through the US department of Commerce when it begins on August 1, communications director Paul Meller told AFP.