Security Experts:

Connect with us

Hi, what are you looking for?



EU, US Make New Attempt for Data Privacy Deal

Europe and the United States will use a thaw in ties to strike a pact that would allow for the exchange of private data across the Atlantic, replacing previous agreements struck down by an EU court.

Europe and the United States will use a thaw in ties to strike a pact that would allow for the exchange of private data across the Atlantic, replacing previous agreements struck down by an EU court.

Facebook, Google, Microsoft and thousands of other companies want such a deal to keep the internet traffic flowing without facing significant legal jeopardy over European privacy laws.

Last year, the European Court of Justice “raised important questions on how to ensure protection of privacy when data crosses the Atlantic,” EU Justice Commissioner Didier Reynders said in a speech to the American Chamber of Commerce to the EU.

“Finding this solution is a priority in Brussels and in Washington DC,” he added a day after stepping up talks with US Commerce Secretary Gina Raimondo.

As “like-minded partners” the two sides “should be able to find appropriate solutions on principles that are cherished on both sides of the Atlantic,” he said.

The third attempt for a new data arrangement would succeed deals that were invalidated after succesful lawsuits arguing that US security laws violated the fundamental rights of EU citizens.

The legal onslaught was led by Max Schrems, an Austrian activist and lawyer who began his campaign after the revelations by Edward Snowden of mass digital spying by US agencies. 

Businesses have since resorted to legally uncertain workarounds to keep the data flow moving, with hope that the two sides could come up with something stronger in the long term.

Reynders said a deal would require that “complex and sensitive” issues are solved “that relate to the delicate balance between national security and privacy”.

The deal would have to cover important issues, including guarantees of access to courts and clearly enforceable individual rights.

“The only way to achieve this is to develop a new arrangement that is fully compliant with the (EU court’s) Schrems II judgement. This is in our mutual interest,” Reynders added.

The EU has concluded similar agreements with 12 entities and countries, including Japan, Switzerland, Canada, Israel, and is in the process of concluding negotiations with South Korea. 

In February, Brussels gave an initial green light to the transfer of personal data to the UK, which left the EU’s direct jurisdiction this year after a post-Brexit transition period.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Application Security

Less than a week after patching critical security defects affecting multiple enterprise-facing products, VMware is warning that one of the flaws is being exploited...

Application Security

Vulnerability researchers at Google Project Zero are calling attention to the ongoing “patch-gap” problem in the Android ecosystem, warning that downstream vendors continue to...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.