Connect with us

Hi, what are you looking for?


Privacy & Compliance

EU Member States Approve US Data Deal

EU member states on Friday approved a highly-criticized deal with the US intended to curb government spying on the personal internet data of EU citizens.

EU member states on Friday approved a highly-criticized deal with the US intended to curb government spying on the personal internet data of EU citizens.

Washington and the European Commission, the EU’s executive arm, had announced the new “Privacy Shield” deal in February.

“Privacy Shield” has now been approved by member-state regulators, the Commission said in a statement.

The deal replaces an agreement that was thrown out by the European Court of Justice last year.

Internet and Data Privacy

“Today Member States have given their strong support to the EU-US Privacy Shield, the renewed safe framework for transatlantic data flows,” said a statement from the commission, which is expected to formally enact the decision next week.

Approval by national regulators “paves the way for the formal adoption of the legal texts and for getting the EU-US Privacy Shield up and running,” the European Commission said in a statement.

Top US companies including Facebook and Google in particular have been eager to end the legal void, because they transfer data from their European subsidiaries to their headquarters in the United States.

The deal includes commitments by the US to limit the use of bulk-collected intelligence, the appointment of a US ombudsman to deal with complaints by European citizens, and fines for firms that do not comply.

Advertisement. Scroll to continue reading.

The deal will also be subject to an annual review.

But activists and European lawmakers are highly critical.

They call the deal still highly deficient in terms of protection from US government access to data, as well as safeguards from bulk data collection.

The European Parliament in May asked the EU to continue negotiating with the United States to remedy “deficiencies” in the agreement.

MEPs said the proposed US ombudsman to deal with complaints by European citizens would neither be “sufficiently independent” nor have enough powers to act.

Austrian internet activist Max Schrems — who brought a case against Facebook in Ireland that led to the EU court judgement last year — has said the new deal amounts to putting “10 layers of lipstick on a pig.”

The previous agreement, called “Safe Harbor,” effectively meant that Europe treated the United States as a safe destination for internet data on the basis that Brussels and Washington adhered to similar standards.

But the EU’s top court in October declared Safe Harbor “invalid.”

It cited US snooping practices exposed by Edward Snowden, the former intelligence contractor who leaked a hoard of National Security Agency documents.

Related: Privacy Shield Heavily Criticized by European Regulators

Written By

AFP 2023

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.


The PCI Security Standards Council (SSC), the organization that oversees the Payment Card Industry Data Security Standard (PCI DSS), this week announced the release...