The European Commission has announced a new data transfer agreement with the United States, replacing two previous agreements that were invalidated by Europe’s top court, as reported by Reuters on July 10. The new agreement is aimed at facilitating the transfer of Europeans’ personal data across the Atlantic for commercial purposes. The European Commission claims that the measures taken by the United States provide an adequate level of protection for European data. These measures include limiting the access of U.S. intelligence services to EU data to what is deemed necessary and proportionate, as well as the establishment of a Data Protection Review Court for European citizens. Commission President Ursula von der Leyen believes that the new framework will ensure secure data flows and provide legal certainty to companies on both sides of the Atlantic.
However, privacy activist Max Schrems’ organization, noyb, has criticized the new agreement and announced its intention to challenge it. Schrems argues that the revision is insufficient and that changes in U.S. surveillance law are necessary to address the concerns raised by the Court of Justice. Despite being weary of the legal back-and-forth, Schrems stated that they have various options for a challenge and expect the matter to return to the Court of Justice in the near future. The European Data Protection Board (EDPB), an EU privacy watchdog, also expressed dissatisfaction with the new agreement earlier this year and called on the European Commission to take further action to protect the privacy rights of Europeans. The previous data transfer agreements were nullified due to concerns about U.S. intelligence agencies accessing the private data of European individuals.