The European Commission has launched the new legal framework that will allow digital companies to transfer data between the two sides of the Atlantic. It’s the third time he’s done this. The two previous agreements – and their legal evolution – were overturned by European justice for not providing sufficient guarantees of protection according to EU regulations. “The executive order provides binding safeguards that restrict U.S. intelligence authorities’ access to data to what is necessary and proportionate to protect national security,” the executive tells the community to show its confidence that the fate of the agreement reached between Brussels and Washington this time around will not suffer the same fate as the other two. . Maximilian Schrems, an Austrian activist who has sued on other occasions and ended up winning in court, doesn’t see it this way: “It will end up again before the Court of Justice of the European Union (CJEU) in a few months.”
In 2020, the CJEU revoked the second agreement between the European Commission and the Barack Obama administration reached four years earlier that gave legal coverage to sending data for storage from the EU to the US. It did so because it considered that this framework, like the previous one which it had also invalidated, “provides no guarantees to non-citizens” of the United States, following the suit brought by Shrems. Two years later, in March 2022, the President of the Commission, Ursula von der Leyen, and the President of the United States reached an agreement in principle. Talks continued and once the final agreement was finalised, it was ratified on Monday by the European executive. The next day, i.e. Tuesday it will be in effect.
The main reason why the data transfer regulations were deemed illegal by the CJEU on the two previous occasions is that in the US there is no federal law regulating data management and that the CIA, FBI or NSA can intervene when they see fit for national security, which is It is strictly prohibited in Europe. Aware of this, Brussels explains in a statement that Washington “has established a new mechanism […] To process the claims of any person whose data has been transferred out of the European Economic Area [la UE más Noruega, Islandia y Liechtenstein] Companies in the United States about the collection and use of their data by US intelligence agencies.
This “new mechanism” that the commission is talking about is an executive order from President Joseph Biden last October. Then, the draft European regulation would have been analyzed by the European Data Protection Council and European Parliament, according to community sources, and their suggestions would have been heeded.
In order for the CJEU to demolish the previous regulations, it has put the operations of the large US technology companies that dominate the digital world (Meta, Alphabet, Amazon…) at a point of legal uncertainty. One of them, Meta, the parent company of Facebook, has already warned the North American stock market regulator at times in a thinly veiled way that this situation might lead it to reconsider continuing to operate in Europe. In fact, despite a direct relationship, last week Meta launched Social Threads, its own SMS social network to compete with Twitter and left Europe out because it did not adhere to the privacy requirements demanded by the European Union.
For the activist-led Neub Association Schrems, what has now been approved is a “copy” of the two previous agreements. This is why it declares that it already has several procedural options ready to present the new agreement to the CJEU.” We hope that the new system will be implemented by the first companies in the coming months, which will open the way for a challenge by someone whose data is transferred under the new tool. It is expected that it is not excluded that the challenge will reach the CJEU at the end of 2023 or the beginning of 2024.
You can follow The Country Technology in Facebook And Twitter Or sign up here to receive The weekly newsletter.