Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy & Compliance

EU Member States Approve US Data Deal

EU member states on Friday approved a highly-criticized deal with the US intended to curb government spying on the personal internet data of EU citizens.

EU member states on Friday approved a highly-criticized deal with the US intended to curb government spying on the personal internet data of EU citizens.

Washington and the European Commission, the EU’s executive arm, had announced the new “Privacy Shield” deal in February.

“Privacy Shield” has now been approved by member-state regulators, the Commission said in a statement.

The deal replaces an agreement that was thrown out by the European Court of Justice last year.

Internet and Data Privacy

“Today Member States have given their strong support to the EU-US Privacy Shield, the renewed safe framework for transatlantic data flows,” said a statement from the commission, which is expected to formally enact the decision next week.

Approval by national regulators “paves the way for the formal adoption of the legal texts and for getting the EU-US Privacy Shield up and running,” the European Commission said in a statement.

Top US companies including Facebook and Google in particular have been eager to end the legal void, because they transfer data from their European subsidiaries to their headquarters in the United States.

The deal includes commitments by the US to limit the use of bulk-collected intelligence, the appointment of a US ombudsman to deal with complaints by European citizens, and fines for firms that do not comply.

Advertisement. Scroll to continue reading.

The deal will also be subject to an annual review.

But activists and European lawmakers are highly critical.

They call the deal still highly deficient in terms of protection from US government access to data, as well as safeguards from bulk data collection.

The European Parliament in May asked the EU to continue negotiating with the United States to remedy “deficiencies” in the agreement.

MEPs said the proposed US ombudsman to deal with complaints by European citizens would neither be “sufficiently independent” nor have enough powers to act.

Austrian internet activist Max Schrems — who brought a case against Facebook in Ireland that led to the EU court judgement last year — has said the new deal amounts to putting “10 layers of lipstick on a pig.”

The previous agreement, called “Safe Harbor,” effectively meant that Europe treated the United States as a safe destination for internet data on the basis that Brussels and Washington adhered to similar standards.

But the EU’s top court in October declared Safe Harbor “invalid.”

It cited US snooping practices exposed by Edward Snowden, the former intelligence contractor who leaked a hoard of National Security Agency documents.

Related: Privacy Shield Heavily Criticized by European Regulators

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.

Audits

The PCI Security Standards Council (SSC), the organization that oversees the Payment Card Industry Data Security Standard (PCI DSS), this week announced the release...