By Foo Yun Chee
BRUSSELS (Reuters) – The European Commission announced on Monday a data transfer agreement with the United States after Europe’s top court annulled two previous pacts that underpinned how thousands of companies transfer Europeans’ personal data across the Atlantic.
However, the move was immediately criticised by privacy activist Max Schrems’ noyb group, which said it will challenge the agreement.
The EU executive said measures taken by the United States ensured an adequate level of protection for Europeans’ personal data transferred across the Atlantic for commercial use.
It said new binding safeguards, such as that limiting U.S. intelligence services’ access to EU data to what is “necessary and proportionate” and the setting up of a Data Protection Review Court for Europeans, address all concerns raised by Europe’s top court.
“The new EU-U.S. Data Privacy Framework will ensure safe data flows for Europeans and bring legal certainty to companies on both sides of the Atlantic,” Commission President Ursula von der Leyen said in a statement.
Schrems said the latest revision was inadequate.
“Just announcing that something is ‘new’, ‘robust’ or ‘effective’ does not cut it before the Court of Justice. We would need changes in U.S. surveillance law to make this work – and we simply don’t have it,” he said in a statement.
“We have various options for a challenge already in the drawer, although we are sick and tired of this legal ping-pong. We currently expect this to be back at the Court of Justice by the beginning of next year,” Schrems said.
Earlier this year, EU privacy watchdog the European Data Protection Board’s (EDPB) said the latest data agreement still falls short and urged the Commission to do more to protect Europeans’ privacy rights.
Europe’s top court scuppered the previous two deals after challenges by Schrems because of concerns about U.S. intelligence agencies accessing Europeans’ private data.
(Reporting by Foo Yun Chee; editing by Philip Blenkinsop)
