The European Union has agreed to a data sharing agreement with the United States, bringing to a close a years-long negotiation that saw U.S. national security concerns bump up against European privacy rights. The new EU-U.S. Data Privacy Framework — which replaces a previous iteration, the Privacy Shield, invalidated by EU courts in 2020 — was a focus of Big Tech. Under the new agreement, Europeans can lodge formal objections when they feel their personal information has been improperly accessed by American intelligence agencies, with an independent judicial review body, the Data Protection Review Court, established to evaluate such claims.

The EU-U.S. Data Privacy Framework “will be subject to periodic reviews, to be carried out by the European Commission, together with representatives of European data protection authorities” and U.S. authorities, the EC explained in a statement.

The initial review will take place “within a year of the entry into force of the adequacy decision, in order to verify that all relevant elements have been fully implemented in the U.S. legal framework and are functioning effectively,” the statement continues.

“The trans-Atlantic agreement was a top priority for the world’s biggest technology companies and thousands of other multinational businesses that rely on the free flow of data,” writes The New York Times,

The agreement concludes a period of legal uncertainty under which U.S. tech firms had been operating with regard to the EU. In May, Meta Platforms was fined $1.3 billion by a European privacy regulator that cited the 2020 judgment in determining transmission of Facebook user data to the U.S. violated EU privacy law.

Meta has appealed the decision, a position the new framework will undoubtedly help. “Meta, like many businesses, moves data from Europe to the United States, where it has its headquarters and many of its data centers,” NYT says, pointing out that “other European privacy regulators ruled that services provided by American companies, including Google Analytics and Mailchimp, could violate Europeans’ privacy rights because they moved data through the United States.”

European Commission President Ursula von der Leyen said in the statement that the new framework “will ensure safe data flows for Europeans and bring legal certainty to companies on both sides of the Atlantic.” The agreement solidifies an agreement in principle von der Leyen reached with President Biden last year.

Related:
European Commission Adopts EU-U.S. Adequacy Decision, National Law Review, 7/10/23
EU and U.S. Reach a Deal to Let Data Flow Across the Atlantic, Politico, 7/10/23