EU member states on Friday approved a highly-criticized deal with the US intended to curb government spying on the personal internet data of EU citizens.
Washington and the European Commission, the EU’s executive arm, had announced the new “Privacy Shield” deal in February.
“Privacy Shield” has now been approved by member-state regulators, the Commission said in a statement.
The deal replaces an agreement that was thrown out by the European Court of Justice last year.
“Today Member States have given their strong support to the EU-US Privacy Shield, the renewed safe framework for transatlantic data flows,” said a statement from the commission, which is expected to formally enact the decision next week.
Approval by national regulators “paves the way for the formal adoption of the legal texts and for getting the EU-US Privacy Shield up and running,” the European Commission said in a statement.
Top US companies including Facebook and Google in particular have been eager to end the legal void, because they transfer data from their European subsidiaries to their headquarters in the United States.
The deal includes commitments by the US to limit the use of bulk-collected intelligence, the appointment of a US ombudsman to deal with complaints by European citizens, and fines for firms that do not comply.
The deal will also be subject to an annual review.
But activists and European lawmakers are highly critical.
They call the deal still highly deficient in terms of protection from US government access to data, as well as safeguards from bulk data collection.
The European Parliament in May asked the EU to continue negotiating with the United States to remedy “deficiencies” in the agreement.
MEPs said the proposed US ombudsman to deal with complaints by European citizens would neither be “sufficiently independent” nor have enough powers to act.
Austrian internet activist Max Schrems — who brought a case against Facebook in Ireland that led to the EU court judgement last year — has said the new deal amounts to putting “10 layers of lipstick on a pig.”
The previous agreement, called “Safe Harbor,” effectively meant that Europe treated the United States as a safe destination for internet data on the basis that Brussels and Washington adhered to similar standards.
But the EU’s top court in October declared Safe Harbor “invalid.”
It cited US snooping practices exposed by Edward Snowden, the former intelligence contractor who leaked a hoard of National Security Agency documents.
Related: Privacy Shield Heavily Criticized by European Regulators