Striking down the previously reached agreement over US surveillance concerns, the European Union (EU) accepted the Private Shield law that would allow US companies to transfer Europeans’ private data to servers across the ocean.
The deal is aimed at protecting trans-Atlantic data flows, the European Commission said on Friday, paving the way for its formal adoption and implementation, reported RT.com.
“Today member states have given their strong support to the EU-US Privacy Shield, the renewed safe framework for transatlantic data flows,” Commission Vice-President Andrus Ansip and Justice Commissioner Vera Jourova announced in a statement, also adding that the agreement ensures “a high level of protection for individuals and legal certainty for business.”
The agreement is aimed at replacing its predecessor, the Safe Harbor framework with the US, which the EU’s top court struck down last October as “invalid” following Edward Snowden’s revelations in 2013 of mass spying by US intelligence authorities.
“It [the Privacy Shield] is fundamentally different from the old Safe Harbor: It imposes clear and strong obligations on companies handling the data and makes sure that these rules are followed and enforced in practice,” Ansip and Jourova said.
The newly adopted agreement will come into force from Tuesday.
The deal, which is said to be aimed at protecting European citizens’ private data, defines the rules of how the sharing of information should be handled.
It gives legal ground for tech companies such as Google, Facebook and MasterCard to move Europeans’ personal data to US servers bypassing an EU ban on moving personal information out from the 28-nation bloc. RT.com reported.
The agreement covers everything from private data about employees to detailed records of what people do online.
“For the first time, the US has given the EU written assurance that the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms and has also ruled out indiscriminate mass surveillance of European citizens’ data,” the statement said.
The Privacy Shield was first introduced and agreed upon in February, but its implementation was then delayed by European data protection regulators as they demanded more “security guarantees”, while expressing concerns over “the possibility that is left in the Shield for bulk collection which if massive and indiscriminate is not acceptable.”
The new deal now grants greater guarantees to European customers and provides “accessible and affordable redress mechanisms” in case any disputes concerning US spying arises.
An ombudsman will also be created within the US State Department to review complaints filed by EU citizens.
Major US and UK tech companies applauded the agreement. Among those supporting the move was Industry group, DIGITALEUROPE, which represents Apple, Google and IBM.
The TechUK, which represents 900 firms in the UK called Privacy Shield as “restoring a stable legal footing”.
Privacy Shield, however, has also faced sharp criticism. Concerns about extensive US spying activity were raised in Europe, after whistleblower Edward Snowden released a trove of controversial material on Washington’s surveillance practices.
Digital rights group Privacy International (PI) said that the newly adopted pact had been drawn up on a “flawed premise” and “remains full of holes and hence offers limited protection to personal data”, the news website reported.